Top Cited Network Security Articles - Part 1
International Journal of Network Security & Its Applications (IJNSA) ISSN 0974 - 9330 (Online); 0975 - 2307 (Print)
http://airccse.org/journal/ijnsa.html
Citation Count – 51
The Internet of Things: New Interoperability, Management and Security Challenges
Mahmoud Elkhodr, Seyed Shahrestani and Hon Cheung
School of Computing, Engineering and Mathematics, Western Sydney University, Sydney, Australia
ABSTRACT
The Internet of Things (IoT) brings connectivity to about every object found in the physical space. It extends connectivity to everyday objects. From connected fridges, cars and cities, the IoT creates opportunities in numerous domains. However, this increase in connectivity creates many prominent challenges. This paper provides a survey of some of the major issues challenging the widespread adoption of the IoT. Particularly, it focuses on the interoperability, management, security and privacy issues in the IoT. It is concluded that there is a need to develop a multifaceted technology approach to IoT security, management, and privacy.
KEYWORDS
Internet of Things, Wireless Network, Security, Privacy, Management & Interoperability
For More Details: http://aircconline.com/ijnsa/V8N2/8216ijnsa06.pdf
Volume Link: http://airccse.org/journal/jnsa16_current.html
REFERENCES [1] M. Elkhodr, S. Shahrestani, and H. Cheung, "A Semantic Obfuscation Technique for the Internet of Things," in IEEE International Conference on Communications (ICC), Sydney, Australia, 2014, pp. 448 453. [2] L. Atzori, A. Iera, and G. Morabito, "The Internet of Things: A survey," Computer Networks, vol. 54, pp. 2787-2805, 2010. [3] H. y. D. o. C. Science, F. Eliassen, and J. Veijalainen, A functional approach to information system interoperability, 1988. [4] Wikipedia. Interoperability. Available: https://en.wikipedia.org/wiki/Interoperability [5] "IEEE Standard Computer Dictionary: A Compilation of IEEE Standard Computer Glossaries,"IEEE Std 610, pp. 1-217, 1991. [6] H. van der Veer and A. Wiles, "Achieving technical interoperability," European Telecommunications Standards Institute, 2008. [7] (2011). Semantic interoperability of health information Available: http://www.en13606.org/theceniso-en13606-standard/semantic-interoperability [8] A. E. Andargoli, P. Bernus, and H. Kandjani, "Analysis of Interoperability in the Queensland Disaster Management System," in ICEIS (3), 2013, pp. 310-317. [9] (2015). Cross-Domain domaininteroperability
Interoperability.
Available:
[10] J. Sarto. ZigBee VS 6LoWPAN for Sensor https://www.lsr.com/whitepapers/zigbee-vs-6lowpan-for-sensor-networks
https://www.ncoic.org/cross-
Networks.
Available:
[11] (10/07/2010). Available: http://www.hybus.net/lan_english/index.htm [12] J. Groopman. (2014) Interoperability: The Biggest Challenge Facing Mass Consumerization of Internet of Things. Altimeter. Available: http://www.altimetergroup.com/2014/02/interoperabilitythechallenge-facing-the-internet-of-things/ [13] S. Kumar, M. Bhardwaj, and A. Q. Bhat, "Study of Wireless Sensor Networks its Routing Challenges and Available Sensor Nodes," in International Journal of Engineering Research and Technology, 2013. [14] C. H. Liu, B. Yang, and T. Liu, "Efficient naming, addressing and profile services in InternetofThings sensory environments," Ad Hoc Networks, vol. 18, pp. 85-101, 7// 2014. [15] Q. Zhu, R. Wang, Q. Chen, Y. Liu, and W. Qin, "Iot gateway: Bridgingwireless sensor networks into internet of things," in 2010 IEEE/IFIP 8th International Conference on Embedded and Ubiquitous Computing (EUC), 2010, pp. 347-352. [16] R. R. Kujur and A. Dwivedi, "Exploration of Existing Frameworks for Connecting Wireless Sensor Networks (WSNs) with Current Internet," International Journal of Computer Applications, vol. 86, 2014.
[17] M. Blackstock and R. Lea, "Toward interoperability in a web of things," in Proceedings of the 2013 ACM conference on Pervasive and ubiquitous computing adjunct publication, 2013, pp. 1565-1574. [18] M. Welsh and G. Mainland, "Programming Sensor Networks Using Abstract Regions," in NSDI,2004, pp. 3-3. [19] Y.-K. Chen, "Challenges and opportunities of internet of things," in 2012 17th Asia and South Pacific Design Automation Conference (ASP-DAC), 2012, pp. 383-388. [20] C. C. Aggarwal, N. Ashish, and A. Sheth, "The internet of things: A survey from the data-centric perspective," in Managing and mining sensor data, ed: Springer, 2013, pp. 383-428. [21] N. A. Ali and M. Abu-Elkheir, "Data management for the internet of things: Green directions," in Globecom Workshops (GC Wkshps), 2012, pp. 386-390. [22] M. Chui, M. Lรถffler, and R. Roberts, "The internet of things," McKinsey Quarterly, vol. 2, pp. 19,2010. [23] L. Yang, S. Yang, and L. Plotnick, "How the internet of things technology enhances emergency response operations," Technological Forecasting and Social Change, vol. 80, pp. 1854-1867,2013. [24] M. Elkhodr, S. Shahrestani, and H. Cheung, "A Review of Mobile Location Privacy in the Internet of Things," in 2012 Tenth International Conference on ICT and Knowledge Engineering, Bangkok, Thailand, 2012, pp. 266-272. [25] M. H. Behringer, "End-to-End Security," The Internet Protocol Journal, vol. 12, p. 20, 2009. International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.2, March 2016 101 [26] G. Summers, "Data and databases," Koehne, H Developing Databases with Access: Nelson Australia Pty Limited, pp. 4-5, 2004. [27] R. Roman, P. Najera, and J. Lopez, "Securing the Internet of Things," Computer, vol. 44, pp. 51-58, 2011. [28] H. Suo, J. Wan, C. Zou, and J. Liu, "Security in the internet of things: a review," in 2012 International Conference onComputer Science and Electronics Engineering (ICCSEE),, 2012, pp.648651. [29] R. Roman, C. Alcaraz, J. 
Lopez, and N. Sklavos, "Key management systems for sensor networks in the context of the Internet of Things," Computers & Electrical Engineering, vol. 37, pp. 147-159, 2011. [30] C. Doukas and I. Maglogiannis, "Bringing IoT and cloud computing towards pervasive healthcare," presented at the Sixth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), Palermo, Italy, 2012. [31] J. Mirkovic and P. Reiher, "A taxonomy of DDoS attack and DDoS defense mechanisms," ACM SIGCOMM Computer Communication Review, vol. 34, pp. 39-53, 2004. [32] G. Gang, L. Zeyong, and J. Jun, "Internet of things security analysis," in 2011 International Conference on Internet Technology and Applications (iTAP), 2011, pp. 1-4.
[33] S. Misra, P. V. Krishna, H. Agarwal, A. Saxena, and M. S. Obaidat, "A learning automata based solution for preventing distributed denial of service in Internet of things," in 2011 International Conference on and 4th International Conference on Cyber, Physical and Social Computing, 2011,pp. 114122. [34] T. Heer, O. Garcia-Morchon, R. Hummen, S. L. Keoh, S. S. Kumar, and K. Wehrle, "Security Challenges in the IP-based Internet of Things," Wireless Personal Communications, vol. 61, pp. 527-542, 2011. [35] D. Mansouri, L. Mokdad, J. Ben-Othman, and M. Ioualalen, "Detecting DoS attacks in WSN based on clustering technique," in Wireless Communications and Networking Conference (WCNC), 2013, pp. 2214-2219. [36] D. Martynov, J. Roman, S. Vaidya, and H. Fu, "Design and implementation of an intrusion detection system for wireless sensor networks," in IEEE International Conference on Electro/Information Technology, 2007, pp. 507-512. [37] S. Raza, L. Wallgren, and T. Voigt, "SVELTE: Real-time intrusion detection in the Internet of Things," Ad hoc networks, vol. 11, pp. 2661-2674, 2013. [38] S. T. Zargar, J. Joshi, and D. Tipper, "A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks," IEEE Communications Surveys & Tutorials, vol. 15, pp. 2046-2069, 2013. [39] N. Ye, Y. Zhu, R.-C. Wang, R. Malekian, and L. Qiao-min, "An Efficient Authentication and Access Control Scheme for Perception Layer of Internet of Things," Applied Mathematics & Information Sciences, vol. 8, pp. 1617-1624, Jul 2014 2014-03-22 2014. [40] L. Wang, D. Wijesekera, and S. Jajodia, "A logic-based framework for attribute based access control," presented at the ACM workshop on Formal methods in security engineering, NY, USA, 2004. [41] Q. Han and J. Li, "An authorization management approach in the internet of things," Journal of Information & Computational Science, vol. 9, pp. 1705-1713, 2012. [42] D. R. Kuhn, E. J. Coyne, and T. R. 
Weil, "Adding attributes to role-based access control," Computer, pp. 79-81, 2010. [43] A. Cavoukian, M. Chibba, G. Williamson, and A. Ferguson, "The Importance of ABAC:AttributeBased Access Control to Big Data: Privacy and Context," The Privacy and Big Data Institute, Canada2015. [44] M. Elkhodr, S. Shahrestani, and H. Cheung, "The Internet of Things: Vision & Challenges," in IEEE Tencon Spring 2013, Sydney, Australia, 2013, pp. 218 - 222. [45] B. Hoh, M. Gruteser, H. Xiong, and A. Alrabady, "Enhancing security and privacy in trafficmonitoring systems," IEEE Pervasive Computing, vol. 5, pp. 38-46, 2006. [46] M. Elkhodr, S. Shahrestani, and H. Cheung, "A Review of Mobile Location Privacy in the Internet of Things," in IEEE Tenth International Conference on ICT and Knowledge Engineering,Bangkok, Thailand, 2012, pp. 266-272.
AUTHORS
Mahmoud Elkhodr is with the School of Computing, Engineering and Mathematics at Western Sydney University (Western), Australia. He was awarded the International Postgraduate Research Scholarship (IPRS) and Australian Postgraduate Award (APA) in 2012-2015. Mahmoud was also awarded the High Achieving Graduate Award in 2011. His research interests include: Internet of Things, e-health, Human-Computer Interaction, Security and Privacy.
Dr. Seyed Shahrestani completed his PhD degree in Electrical and Information Engineering at the University of Sydney. He joined Western Sydney University (Western) in 1999, where he is currently a Senior Lecturer. He is also the head of the Networking, Security and Cloud Research (NSCR) group at Western. His main teaching and research interests include: computer networking, management and security of networked systems, analysis, control and management of complex systems, artificial intelligence applications, and health ICT. He is also highly active in higher degree research training supervision, with successful results.
Dr. Hon Cheung graduated from The University of Western Australia in 1984 with First Class Honours in Electrical Engineering. He received his PhD degree from the same university in 1988. He was a lecturer in the Department of Electronic Engineering, Hong Kong Polytechnic from 1988 to 1990. From 1990 to 1999, he was a lecturer in Computer Engineering at Edith Cowan University, Western Australia. He has been a senior lecturer in Computing at Western Sydney University since 2000. Dr. Cheung has research experience in a number of areas, including conventional methods in artificial intelligence, fuzzy sets, artificial neural networks, digital signal processing, image processing, network security and forensics, and communications and networking. In the area of teaching, Dr. Cheung has experience in the development and delivery of a relatively large number of subjects in computer science, electrical and electronic engineering, computer engineering and networking.
Citation Count – 26
Wearable Technology Devices Security and Privacy Vulnerability Analysis
Ke Wan Ching and Manmeet Mahinderjit Singh
School of Computer Sciences, University Sains Malaysia, Penang, Malaysia
ABSTRACT
Wearable technology, also called wearable gadgets, is a category of technology devices with low processing capabilities that can be worn by a user with the aim of providing information and ease of access to the master devices they are paired with. Examples are Google Glass and smartwatches. The impact of wearable technology becomes significant when people start their invention in wearable computing, where their mobile devices become one of the computation sources. However, wearable technology is not mature yet in terms of device security and privacy acceptance by the public. There exist some security weaknesses that make such wearable devices vulnerable to attack. One of the critical attacks on wearable technology is the authentication issue. The low processing capability due to the limited computing power of wearable devices causes developers' inability to equip the device with complicated security mechanisms and algorithms. In this study, an overview of security and privacy vulnerabilities on wearable devices is presented.
KEYWORDS
Wearable Technology; Wearable Devices; Google Glass; Smartwatch
For More Details: http://aircconline.com/ijnsa/V8N3/8316ijnsa02.pdf
Volume Link: http://airccse.org/journal/jnsa16_current.html
REFERENCES [1] Tehrani, Kiana, and Andrew M. (26 Mar, 2014). Wearable Technology and Wearable Devices: Everything You Need to Know. (cited 18 Sep, 2015). [Online] Available: http://www.wearabledevices.com/what-is-a-wearable-device/ [2] Transparency Market Research. (05 Jun, 2014). Wearable Technology Market Research Report 2018. (cited 21 Sep, 2015). [Online]Available: http://www.transparencymarketresearch.com/article/wearabletechnology-market.htm [3] Viral M. (01 Apr, 2012). Wearable Computer. (cited 18 Sep, 2015). [Online] Available: http://www.slideshare.net/fbviralmehta/wearable-computer-12242345 [4] PricewaterhouseCoopers B.V. 2014. Consumer intelligence series - The wearable future. (cited 19 Sep, 2015). [Online] Available: https://www.pwc.se/sv/media/assets/consumer-intelligence-seriesthewearable-future.pdf [5] Al-Muhtadi, J., D. Mickunas, and R. Campbell. Wearable security services. in Distributed Computing Systems Workshop, 2001 International Conference on. 2001. [6] McAdams, E., et al. Wearable sensor systems: The challenges. in Engineering in Medicine and Biology Society, EMBC, 2011 Annual International Conference of the IEEE. 2011. [7] Pietro, R.D. and L.V. Mancini, Security and privacy issues of handheld and wearable wireless devices. Commun. ACM, 2003. 46(9): p. 74-79. [8] Uddin, M., et al., Wearable Sensing Framework for Human Activity Monitoring, in Proceedings of the 2015 workshop on Wearable Systems and Applications. 2015, ACM: Florence, Italy. p. 21-26. [9] Authentify. (2016). Out-of-Band Authentication. (Cited http://authentify.com/solutions/authentication-concepts/band-authentication/
28
Feb,
2016).
[10] Ghoreishizadeh, S.S., et al. A lightweight cryptographic system for implantable biosensors. In Biomedical Circuits and Systems Conference (BioCAS), 2014 IEEE. 2014. IEEE. [11] Safavi, S. and Z. Shukur, Improving google glass security and privacy by changing the physical and software structure. Life Science Journal, 2014. 11(5): p. 109-117. [12] Geran S. (18 Apr, 2014). Is Google Glass a Security Risk? (cited 19 Oct, 2015).[Online] Available: https://blog.bit9.com/2014/04/18/is-google-glass-a-security-risk/ [13] Daniel D. 2013. Privacy Implications of Google Glass. (cited 21 Oct, 2015).[Online] Available: http://resources.infosecinstitute.com/privacy-implications-of-google-glass/ [14] Marc R. (17 Jul, 2013). Hacking the Internet of Things for Good. (cited 19 Oct,2015).[Online] Available: https://blog.lookout.com/blog/2013/07/17/hacking-the-internet-of-things-for-good/ [15] Candid W. (18 Jul, 2013). Google Glass Still Vulnerable to WiFi Hijacking Despite QR Photobombing Patch. (cited 21 Oct, 2015).[Online] Available: http://www.symantec.com/connect/blogs/google-glass-still-vulnerable-wifi-hijacking-despiteqrphotobombing-patch
[16] [fitbit. (cited 21 Oct, 2015).[Online] Available: https://www.fitbit.com/my [17] Michael S. (11 Jun, 2015). Internet of Things Security Evaluation of nine Fitness Trackers. (cited 21 Oct, 2015).[Online] Available: https://www.av-test.org/fileadmin/pdf/avtest_201506_fitness_tracker_english.pdf [18] Rahman, M., B. Carbunar, and M. Banik, Fit and vulnerable: Attacks and defenses for a health monitoring device. arXiv preprint arXiv:1304.5672, 2013. [19]J acob B. (03 Aug, 2015). Surveillance Society: Wearable fitness devices often carry security risks. (cited 21 Oct, 2015).[Online] Available: http://www.postgazette.com/news/surveillancesociety/2015/08/03/Surveillance-Society-Wearable-fitness-devices-oftencarry-securityrisks/stories/201508030023 [20] Cyr, B., et al., Security Analysis of Wearable Fitness Devices (Fitbit). Massachusets Institute of Technology, 2014. [21] Carly P. (24 May, 2015). iPhone users' privacy at risk due to leaky Bluetooth technology. (cited 24 Oct, 2015).[Online] Available: http://www.v3.co.uk/v3-uk/news/2409939/iphone-users-privacy-atriskdue-to-leaky-bluetooth-technology [22] Kristi R. (22 Jul, 2015). HP Study Reveals Smartwatches Vulnerable to Attack. (cited 4 Oct, 2015).[Online] Available: http://www8.hp.com/us/en/hpnews/pressrelease.html?id=2037386#.Vi18G7crLIU [23] Liviu A. (12 Sep, 2014). Bitdefender Research Exposes Security Risks of Android Wearable Devices.(cited 24 Oct, 2015).[Online] Available: http://www.darkreading.com/partnerperspectives/bitdefender/bitdefender-research-exposes-security-risksof-android-wearable-devices-/a/d-id/1318005 [24] Ryan G. (01 Oct, 2013). Accelerometer vs. Gyroscope: What's the Difference? (cited 23 Oct,2015).[Online] Available: http://www.livescience.com/40103-accelerometer-vs-gyroscope.html [25] Indian Institute of Technology Kanpur Commonwealth of Learning Vancouver. 2013. SENSORS ON ANDROID PHONES. 
(cited 23 Oct, 2015).[Online] Available: http://m4d.colfinder.org/sites/default/files/Slides/M4D_Week2_sensors.pdf [26] Engineer’s Handbook. 2006. Mechanical Components - Sound Sensors. (cited Oct,2015).[Online]Available:http://www.engineershandbook.com/Components/soundsensors.html
2
[27] Technavio. (21 Jul 2014). Exploring Five Challenges in the Wearable Technology Market. (cited 31 Oct, 2015). [Online] Available: http://www.technavio.com/blog/exploring-five-challenges-inthewearable-technology-market [28] Julie F. (12 Nov, 2014). ISACA Survey: Most Consumers in Australia Aware of Major Data Breaches, But Fewer Than Half Have Changed Key Shopping Behaviors. (cited 4 Oct, 2015).[Online] Available: http://www.isaca.org/About-ISACA/Press-room/News-Releases/2014/Pages/ISACASurveyMost-Consumers-in-Australia-Aware-of-Major-Data-Breaches-But-Fewer-Than-Half-HaveChangedShopping-Behaviors.aspx
[29] Nroseth. (27 Mar, 2015). Data Security in a Wearables World. (cited 4 Oct, 2015).[Online] Available: http://www.swatsolutions.com/data-security-in-a-wearables-world/ [30] Vangie B. cloud. (cited http://www.webopedia.com/TERM/C/cloud.html
4
Oct,
2015).[Online]
Available:
[31] David E. Sanger and Nicole P. (14 Feb 2015). Bank Hackers Steal Millions via Malware. (cited 17 Oct, 2015).[Online] Available: http://www.nytimes.com/2015/02/15/world/bank-hackers-stealmillionsvia-malware.html?_r [32] Michael C. Wearables security: Do enterprises need a separate WYOD policy? (cited 17 Oct, 2015).[Online] Available: http://searchsecurity.techtarget.com/answer/Wearables-security-Doenterprisesneed-a-separate-WYOD-policy [33] Mellisa T. (May 30, 2013). 4 Security Challenges for Fitbit, Google Glass + Other Wearable Devices.(cited 4 Oct, 2015).[Online] Available: http://siliconangle.com/blog/2013/05/30/4securitychallenges-for-fitbit-google-glass-other-wearable-devices/ [34] Kristi R. (22 Jul, 2015). HP Study Reveals Smartwatches Vulnerable to Attack. (cited 4 Oct, 2015).[Online] Available: http://www8.hp.com/us/en/hpnews/pressrelease.html?id=2037386#.Vi18G7crLIU [35] Eric Z. (14 May, 2015). Apple Watch, Android Wear Lack Theft Protection. (cited 17 Oct, 2015). [Online] Available: http://www.informationweek.com/it-life/apple-watch-android-wear-lacktheftprotection/a/d-id/1320430 [36]Apadmi. Apadmi’s Wearable Tech Study:Do Potential Customers Think Wearable Tech Poses a Privacy Risk? (cited 20 Oct, 2015).[Online] Available: http://www.apadmi.com/wearabletechnologytrends/wearable-tech privacy/#WTP-2 [37] Motti, V. and K. Caine, Users’ Privacy Concerns About Wearables, in Financial Cryptography and Data Security, M. Brenner, et al., Editors. 2015, Springer Berlin Heidelberg. p. 231-244. [38] Charles A. (01 May, 2013). Google Glass security failings may threaten owner's privacy. (cited 20 Oct, 2015).[Online] Available: http://www.theguardian.com/technology/2013/may/01/googleglasssecurity-privacy-risk [39] Michalevsky, Y., D. Boneh, and G. Nakibly. Gyrophone: Recognizing speech from gyroscope signals.in Proc. 23rd USENIX Security Symposium (SEC’14), USENIX Association. 2014. [40] Lisa E. (09 Oct, 2014). 
A New Wave Of Gadgets Can Collect Your Personal Information Like Never Before. (cited 22 Oct, 2015).[Online] Available: http://www.businessinsider.my/privacy-fitnesstrackerssmartwatches-2014-10/#GDuZGvtShqZO79S5.97 [41] Raij, A., et al., Privacy risks emerging from the adoption of innocuous wearable sensors in the mobile environment, in Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. 2011, ACM: Vancouver, BC, Canada. p. 11-20. [42] Mano.T. (2014). Wearables and Quantified Self Demand Security-First Design. (cited 18 Feb,2016).[Online] Available: http://www.wired.com/insights/2014/10/wearables-security-first-design/
Citation Count – 15
Big Data Security and Privacy Issues in the CLOUD
Ali Gholami and Erwin Laure
High Performance Computing and Visualization Department, KTH Royal Institute of Technology, Stockholm, Sweden
ABSTRACT
Many organizations demand efficient solutions to store and analyze huge amounts of information. Cloud computing as an enabler provides scalable resources and significant economic benefits in the form of reduced operational costs. This paradigm raises a broad range of security and privacy issues that must be taken into consideration. Multi-tenancy, loss of control, and trust are key challenges in cloud computing environments. This paper reviews the existing technologies and a wide array of both earlier and state-of-the-art projects on cloud security and privacy. We categorize the existing research according to the cloud reference architecture orchestration, resource control, physical resource, and cloud service management layers, in addition to reviewing the recent developments for enhancing the Apache Hadoop security as one of the most deployed big data infrastructures. We also outline the frontier research on privacy-preserving data-intensive applications in cloud computing such as privacy threat modeling and privacy enhancing solutions.
KEYWORDS
Cloud Security, Privacy, Trust, Big Data, Virtualization, Data Protection
For More Details: http://aircconline.com/ijnsa/V8N1/8116ijnsa04.pdf
Volume Link: http://airccse.org/journal/jnsa16_current.html
REFERENCES [1] A. Szalay and J. Gray, “2020 Computing: Science in an exponential world,” Nature, vol. 440, pp.413– 414, Mar. 2006. [2] E. U. Directive, “95/46/EC of the European Parliament and of the Council of 24 October 1995 on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such Data,” Official Journal of the EC, vol. 23, 1995. [3] U. States., “Health insurance portability and accountability act of 1996 [micro form]: conference report (to accompany h.r. 3103).” http://nla.gov.au/nla.catvn4117366, 1996. [4] “Hypervisors, virtualization, and the cloud: Learn about hypervisors, system virtualization, and how it works in a cloud environment.” Retrieved June 2015. [5] M. Portnoy, Virtualization Essentials. 1st ed., 2012.Alameda, CA, USA: SYBEX Inc., [6] P. Mell and T. Grance, “The NIST Definition of Cloud Computing,” tech. rep., July 2009. [7] F. Liu, J. Tong, J. Mao, R. Bohn, J. Messina, L. Badger, and D. Leaf, NIST Cloud Computing Reference Architecture: Recommendations of the National Institute of Standards and Technology (Special Publication 500-292). USA: CreateSpace Independent Publishing Platform, 2012. [8] R. Dua, A. Raja, and D. Kakadia, “Virtualization vs containerization to support paas,” in Cloud Engineering (IC2E), 2014 IEEE International Conference on, pp. 610–614, March 2014. [9] S. Ghemawat, H. Gobioff and S.-T. Leung , "The Google File System" , SOSP , 2003. [10] NIST Special Publication 500–291 version 2, NIST Cloud Computing Standards Roadmap, July 2013, Available at http://www.nist.gov/itl/cloud/publications.cfm. [11] C. Lynch, “Big data: How do your data grow?,” Nature, vol. 455, pp. 28–29, Sept. 2008 [12] B. Russell, “Realizing Linux Containers (LXC).” http://www.slideshare.net/BodenRussell/linuxcontainers-next-gen- virtualization-for-cloud-atl-summitar4-3-copy. Retrieved October 2015. [13] United Nations, “The Universal Declaration of http://www.un.org/en/documents/udhr/index.shtml, 1948. 
Retrieved August 2015.
Human
Rights.”
[14] A. Westin, Privacy and Freedom. New Jork Atheneum, 1967. [15] U. States., “Gramm-leach-bliley act.” http://www.gpo.gov/fdsys/pkg/PLAW106publ102/pdf/PLAW106publ102.pdf, November 1999. [16] U. S. F. Law, “Right to financial https://epic.org/privacy/rfpa/, 1978. privacy act of 1978.” [17] D. Bigo, G. Boulet, C. Bowden, S. Carrera, J. Jeandesboz, and A. Scherrer, “Fighting cyber crime and protecting privacy in the cloud.” European Parliament, Policy Department C: Citizens’ Rights and Constitutional Affairs, October 2012.
[18] S. Stalla-Bourdillon, “Liability exemptions wanted! internet intermediaries’ liability under uk law,” Journal of International Commercial Law and Technology, vol. 7, no. 4, 2012. [19] N. Mimura Gonzalez, M. Torrez Rojas, M. Maciel da Silva, F. Redigolo, T. Melo de Brito Carvalho, C. Miers, M. Naslund, and A. Ahmed, “A framework for authentication and authorization credentials in cloud computing,” in Trust, Security and Privacy in Computing and Communications (TrustCom), 2013 12th IEEE International Conference on, pp. 509–516, July 2013. [20] R. Banyal, P. Jain, and V. Jain, “Multi-factor authentication framework for cloud computing,” in Computational Intelligence, Modelling and Simulation (CIMSim), 2013 Fifth International Conference on, pp. 105–110, Sept 2013. [21] R. Lomotey and R. Deters, “Saas authentication middleware for mobile consumers of iaas cloud,” in Services (SERVICES), 2013 IEEE Ninth World Congress on, pp. 448–455, June 2013. [22] H. Kim and S. Timm, “X.509 authentication and authorization in fermi cloud,” in Utility and Cloud Computing (UCC), 2014 IEEE/ACM 7th International Conference on, pp. 732–737, Dec 2014. [23] B. Tang, R. Sandhu, and Q. Li, “Multi-tenancy authorization models for collaborative cloud services,” in Collaboration Technologies and Systems (CTS), 2013 International Conference on, pp. 132– 138, May 2013. [24] L. Zhou, V. Varadharajan, and M. Hitchens, “Integrating trust with cryptographic role-based access control for secure cloud data storage,” in Trust, Security and Privacy in Computing and Communications (TrustCom), 2013 12th IEEE International Conference on, pp. 560–569, July 2013. [25] J. Sendor, Y. Lehmann, G. Serme, and A. Santana de Oliveira, “Platform level support for authorization in cloud services with oauth 2,” in Proceedings of the 2014 IEEE International Conference on Cloud Engineering, IC2E ’14, (Washington, DC, USA), pp. 458–465, IEEE Computer Society, 2014. [26] M. A. Leandro, T. J. Nascimento, D. R. 
dos Santos, C. M. Westphall, and C. B. Westphall, “Multitenancy authorization system with federated identity for cloud-based environments using shibboleth,” in Proceedings of the 11th International Conference on Networks, ICN 2012, pp. 88–93, 2012. [27] M. Stihler, A. Santin, A. Marcon, and J. Fraga, “Integral federated identity management for cloud computing,” in New Technologies, Mobility and Security (NTMS), 2012 5th International Conference on, pp. 1–5, May 2012. [28] Dove, E. S, Y. Joly, A.-M. Tassé, P. P. P. in Genomics, S. P. I. S. Committee, I. C. G. C. I. Ethics, P. Committee, and B. M Knoppers, “Genomic cloud computing: legal and ethical points to consider,”European Journal of Human Genetics, August 2014. [29] E. Carlini, M. Coppola, P. Dazzi, L. Ricci, and G. Righetti, “Cloud federations in contrail,” in EuroPar 2011: Parallel Processing Workshops, vol. 7155 of Lecture Notes in Computer Science, pp. 159– 168, Springer Berlin Heidelberg, 2012. [30] W. Hummer, P. Gaubatz, M. Strembeck, U. Zdun, and S. Dustdar, “Enforcement of Entailment Constraints in Distributed Service-Based Business Processes,” Information and Software Technology, 2013.
[31] J. Gouveia, P. Crocker, S. Melo De Sousa, and R. Azevedo, “E-id authentication and uniform access to cloud storage service providers,” in Cloud Computing Technology and Science (CloudCom), 2013 IEEE 5th International Conference on, vol. 1, pp. 487–492, Dec 2013. [32] G. Sipos, D. Scardaci, D. Wallom, and Y. Chen, “The user support programme and the training infrastructure of the egi federated cloud,” in High Performance Computing Simulation (HPCS), 2015 International Conference on, pp. 9–18, July 2015. [33] N. Santos, K. P. Gummadi, and R. Rodrigues, “Towards trusted cloud computing,” in Proceedings of the 2009 Conference on Hot Topics in Cloud Computing, HotCloud’09, (Berkeley, CA, USA),USENIX Association, 2009. [34] T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh, “Terra: A virtual machine-based platform for trusted computing,” in Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, SOSP ’03, (New York, NY, USA), pp. 193–206, ACM, 2003. [35] R. A. Popa, J. R. Lorch, D. Molnar, H. J. Wang, and L. Zhuang, “Enabling security in cloud storage slas with cloudproof,” in Proceedings of the 2011 USENIX Conference on USENIX Annual Technical Conference, USENIX ATC’11, (Berkeley, CA, USA), pp. 31–31, USENIX Association,2011. [36] S. Zhu and G. Gong, “Fuzzy authorization for cloud storage,” Cloud Computing, IEEE Transactions on, vol. 2, pp. 422–435, Oct 2014. [37] D. Perez-Botero, J. Szefer, and R. B. Lee, “Characterizing hypervisor vulnerabilities in cloud computing servers,” in Proceedings of the 2013 International Workshop on Security in Cloud Computing, Cloud Computing ’13, (New York, NY, USA), pp. 3–10, ACM, 2013. [38] F. F. Brasser, M. Bucicoiu, and A.-R. Sadeghi, “Swap and play: Live updating hypervisors and its application to xen,” in Proceedings of the 6th Edition of the ACM Workshop on Cloud Computing Security, CCSW ’14, (New York, NY, USA), pp. 33–44, ACM, 2014. [39] C. Klein, A. Papadopoulos, M. Dellkrantz, J. Durango, M. 
AUTHORS Ali Gholami is a PhD student at the KTH Royal Institute of Technology. His research interests include the use of data structures and algorithms to build adaptive data management systems. Another area of his research focuses on the security concerns associated with cloud computing. He is currently exploring strong and usable security factors to enable researchers to process sensitive data in the cloud. Professor Erwin Laure is Director of the PDC - Center for High Performance Computing Center at KTH, Stockholm. He is the Coordinator of the EC-funded "EPiGRAM" and "ExaFLOW" projects as well as of the HPC Centre of Excellence for Bio-molecular Research "BioExcel" and actively involved in major e-infrastructure projects (EGI, PRACE, EUDAT) as well as exascale computing projects. His research interests include programming environments, languages, compilers and runtime systems for parallel and distributed computing, with a focus on exascale computing.
Citation Count – 09
An Intelligent Classification Model for Phishing Email Detection Adwan Yasin and Abdelmunem Abuhasan College of Engineering and Information Technology, Arab American University, Palestine
ABSTRACT Phishing attacks are one of the trending cyber-attacks; they use socially engineered messages sent by professional hackers to fool users into revealing their sensitive information, and the most popular communication channel for those messages is users' email. This paper presents an intelligent classification model for detecting phishing emails using knowledge discovery, data mining and text processing techniques. This paper introduces the concept of phishing terms weighting, which evaluates the weight of phishing terms in each email. The pre-processing phase is enhanced by applying text stemming and WordNet ontology to enrich the model with word synonyms. The model applied the knowledge discovery procedures using five popular classification algorithms and achieved a notable enhancement in classification accuracy: 99.1% accuracy was achieved using the Random Forest algorithm and 98.4% using J48, which is, to our knowledge, the highest accuracy rate for an accredited data set. This paper also presents a comparative study with similar proposed classification techniques.
KEYWORDS phishing, data mining, email classification, Random Forest, J48.
For More Details : http://aircconline.com/ijnsa/V8N4/8416ijnsa05.pdf Volume Link : http://airccse.org/journal/jnsa16_current.html
REFERENCES [1] X. Dong, J. Clark, and J. Jacob, “Modelling user-phishing interaction”, in Human System Interactions, 2008 Conference on, may 2008, pp. 627–632. [2] Phishing Activity Trends Report, http://docs.apwg.org/reports/apwg_trends_report_q1-q3_2015.pdf, Accessed June 2016. [3] https://security.googleblog.com/2014/11/behind-enemy-lines-in-our-war-against.html , Accessed June 2016. [4] Limited Dictionary Builder: An Approach to Select Representative Tokens for Malicious URLs Detection, IEEE ICC 2015 - Communication and Information Systems Security Symposium. [5] Sukhjeel Kaui and Amrit Kaur, “Detecting of phishing web pages using weights computed through Genetic Algorithm”, IEEE 3rd International Conference on MOOCs, Innovation and Technology in Education (MITE), 2015. [6] Lv Fang, Wang Bailing, Huang Junheng, Sun Yushan, Wei Yuliang, “A Proactive Discovery and Filtering Solution on Phishing Websites”, IEEE International Conference on Big Data (Big Data),2015. [7] Binay Kumar, Pankaj Kumar, Ankit Mundra, Shikha Kabra, “DC Scanner: Detecting Phishing Attack”, IEEE Third International Conference on Image Information Processing, 2015. [8] Sami Smadi, Nauman Aslam, Li Zhang, Rafe Alasem, M A Hossain, “Detection of Phishing Emails using Data Mining Algorithms”, 9th International Conference on Software, Knowledge, Information Management and Applications (SKIMA), 2015. [9] Zheng Dong, Apu Kapadia, Jim Blythe, L. Jean Camp, “Beyond the Lock Icon: Real-time Detection of Phishing Websites Using Public Key Certificates”, APWG Symposium on Electronic Crime Research (eCrime), 2015. [10] S. Chiasson, E. Stobert, A. Forget, R. Biddle, and P. C. van Oorschot, “Persuasive cued click-points: Design, implementation, and evaluation of a knowledge-based authentication mechanism,” IEEE Trans. on Dependable and Secure Computing, vol. 9, no. 2, pp. 222–235, 2012. [11] R. Biddle, S. Chiasson, and P. C. 
van Oorschot, “Graphical Passwords: Learning from the First Twelve Years,” ACM Computing Surveys, vol. 44, no. 4, 2012. [12] R. Jhawar, P. Inglesant, N. Courtois, and M. A. Sasse, “Make mine a quadruple: Strengthening the security of graphical one-time pin authentication,” in Proc. NSS 2011, pp. 81–88. [13] RSA, “RSA SecurID Two-factor Authentication,”2011,www.rsa.com/products/securid/sb/10695_SIDTFA_SB_0210.pdf. , Accessed June 2016. [14] Cronto, www.cronto.com/. Accessed June 2016. [15] E. Gal´an and J.C. Hern andez Castro and A. Alcaide and A. Ribagorda, “A Strong Authentication Protocol based on Portable One–Time Dynamic URLs”, IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology. 2010.
[16] Mengjun Xie, Yanyan Li, Kenji Yoshigoe, Remzi Seker, Jiang Bian, “CamAuth: Securing Web Authentication with Camera”, IEEE 16th International Symposium on High Assurance Systems Engineering, 2015. [17] http://www.google.com/landing/2step/. Accessed June 2016. [18] A. Czeskis, M. Dietz, T. Kohno, D. Wallach, and D. Balfanz, “Strengthening user authentication through opportunistic cryptographic identity assertions,” in Proceedings of the 2012 ACM conference on Computer and communications security, ser. CCS ’12, 2012, pp. 404–414. [19] Ben Dodson, Debangsu Sengupta, Dan Boneh, and Monica S. Lam, “Secure, Consumer-Friendly Web Authentication and Payments with a Phone”. http://mobisocial.stanford.edu/papers/mobicase10s.pdf,Accessed June 2016. [20] Rachna Dhamija, J. D. Tygar, Marti Hearst, “Why Phishing Works”, CHI-2006: Conference on Human Factors in Computing Systems, 2006. [21] Julie S. Downs, Mandy B. Holbrook, Lorrie Faith Cranor, “Decision Strategies and Susceptibility to Phishing”, Symposium On Usable Privacy and Security (SOUPS), July 12-14, 2006, Pittsburgh, PA, USA [22] F. Toolan and J. Carthy, “Phishing detection using classifier ensembles,” in eCrime Researchers Summit, 2009. eCRIME’09. IEEE, 2009, pp.1–9. [23] Mayank Pandey and Vadlamani Ravi, “Detecting phishing e-mails using Text and Data mining”, IEEE International Conference on Computational Intelligence and Computing Research 2012. [24] Sunil B. Rathod, Tareek M. Pattewar, “Content Based Spam Detection in Email using Bayesian Classifier”, IEEE ICCSP conference, 2015. [25] Lew May Form, Kang Leng Chiew, San Nah Szeand Wei King Tiong, “Phishing Email Detection Technique by using Hybrid Features”, IT in Asia (CITA), 9th International Conference, 2015. [26] Tareek M. Pattewar, Sunil B. Rathod, “A Comparative Performance Evaluation of Content Based Spam and Malicious URL Detection in E-mail”, IEEE International Conference on Computer Graphics, Vision and Information Security (CGVIS), 2015. 
[27] Prajakta Ozarkar, & Dr. Manasi Patwardhan,” Efficient Spam Classification by Appropriate Feature Selection”, International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6375(Online) Volume 4, Issue 3, May – June (2013). [28] Gaurav Kumar Tak1 and Gaurav Ojha2, “MULTI-LEVEL PARSING BASED APPROACH AGAINST PHISHING ATTACKS WITH THE HELP OF KNOWLEDGE BASES”, International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.6, November 2013 [29] Usama Fayyad, Gregory Piatetsky Shapiro and Padhraic Smyth “Knowledge Discovery and Data Mining: Towards a Unifying Framework”, KDD-96 Proceedings, 1996. [30]
J.Mason,“The apache spamassassin 2005,http://spamassassin.apache.org/publiccorpus/. Accessed June 2016.
public
[31] J. Nazario, “Phishing Corpus”, https://monkey.org/~jose/phishing/ , Accessed June 2016.
corpus,”
[32] Pal, N.R., Jain, L.C., (Eds.), “Advanced Techniques in Knowledge Discovery and Data Mining”, Springer Verlag,2005. [33] Porter, M.F. (1980), “An algorithm for suffix stripping”, Program, Vol. 14 No.3, pp. 130-137. [34] George A. Miller (1995). WordNet: A Lexical Database for English. Communications of the ACM Vol. 38, No. 11: 39-41. [35] ark Hall, Eibe Frank, Geoffrey Holmes, Bernhard Pfahringer, Peter Reutemann, Ian H. Witten (2009);The WEKA Data Mining Software: An Update; SIGKDD Explorations, Volume 11, Issue 1. [36] M. Khonji, Y. Iraqi, and A. Jones, “Enhancing phishing e-mail classifiers: A lexical url analysis approach,” International Journal for Information Security Research (IJISR), vol. 2, no. 1/2, 2012. [37] W. N. Gansterer and D. P¨olz, “E-mail classification for phishing defence”, in Advances in Information Retrieval. Springer, 2009, pp. 449–460. [38] M. Chandrasekaran, K. Narayanan, and S. Upadhyaya, “Phishing email detection based on structural properties,” in NYS Cyber Security Conference, 2006, pp. 1–7. [39] L. Ma, B. Ofoghi, P. Watters, and S. Brown, “Detecting phishing emails using hybrid features,” in Ubiquitous, Autonomic and Trusted Computing, 2009. UIC-ATC’09. Symposia and Workshops on. IEEE, 2009, pp. 493–497. [40] I. R. A. Hamid and J. Abawajy, “Hybrid feature selection for phishing email detection,” in Algorithms and Architectures for Parallel Processing. Springer, 2011, pp. 266–275.
AUTHORS Adwan Yasin is an Associate Professor and former Dean of the Faculty of Engineering and Information Technology of the Arab American University of Jenin, Palestine. Previously he worked at Philadelphia and Zarka Private University, Jordan. He received his PhD degree from the National Technical University of Ukraine in 1996. His research interests include Computer Networks, Computer Architecture, Cryptography and Networks Security. Abdelmunem Abuhasan is a Master's student at the Arab American University with particular interests in computer security, web security and software engineering. He has worked for ten years as the manager of the software development department at the Arab American University. He holds a B.A. in Computer Science from the Arab American University.
Citation Count – 06
A Benchmark for Designing Usable and Secure Text-Based Captchas Suliman A. Alsuhibany Computer Science Department, College of Computer, Qassim University, Buridah, Saudi Arabia
ABSTRACT An automated public Turing test to distinguish between computers and humans, known as CAPTCHA, is a widely used technique on many websites to protect their online services from malicious users. Two fundamental aspects of captcha considered in various studies in the literature are robustness and usability. A widely accepted standard benchmark to guide text-based captcha developers is not yet available. So this paper proposes a benchmark for designing usable-secure text-based captchas based on a community-driven evaluation of the usability and security aspects. Based on this benchmark, we develop four new text-based captcha schemes, and conduct two separate experiments to evaluate both the security and usability perspectives of the developed schemes. The result of this evaluation indicates that the proposed benchmark provides a basis for designing usable-secure text-based captchas.
KEYWORDS Text-Based CAPTCHA, security, usability, benchmark
For More Details : http://aircconline.com/ijnsa/V8N4/8416ijnsa04.pdf Volume Link : http://airccse.org/journal/jnsa16_current.html
AUTHORS Suliman Alsuhibany, PhD, is an assistant professor in the Computer Science department and the head of the department at Qassim University, Saudi Arabia. He received his PhD in information security from Newcastle University, UK, and MSc in computer security and resilience from Newcastle University, UK.