 |
Time Frequency Analysis |
A search for articles combining research in time frequency analysis and security produced nearly 3500 results. The works cited here only scratch the surface. They appear to have useful implications for the science of security.
Koga, H.; Honjo, S., "A Secret Sharing Scheme Based On A Systematic Reed-Solomon Code And Analysis Of Its Security For A General Class Of Sources," Information Theory (ISIT), 2014 IEEE International Symposium on, pp. 1351, 1355, June 29 2014-July 4 2014. doi: 10.1109/ISIT.2014.6875053 In this paper we investigate a secret sharing scheme based on a shortened systematic Reed-Solomon code. In the scheme L secrets S1, S2, ..., SL and n shares X1, X2, ..., Xn satisfy certain n - k + L linear equations. Security of such a ramp secret sharing scheme is analyzed in detail. We prove that this scheme realizes a (k; n)-threshold scheme for the case of L = 1 and a ramp (k, L, n)-threshold scheme for the case of 2 ≤ L ≤ k - 1 under a certain assumption on S1, S2, ..., SL.
Keywords: Reed-Solomon codes; telecommunication security; linear equations ;ramp secret sharing scheme; shorten systematic Reed-Solomon code; Cryptography; Equations; Probability distribution; Random variables; Reed-Solomon codes (ID#: 15-3673)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6875053&isnumber=6874773
Liu, Y.; Hatzinakos, D., "Earprint: Transient Evoked Otoacoustic Emission for Biometrics," Information Forensics and Security, IEEE Transactions on, vol. 9, no. 12, pp. 2291, 2301, Dec. 2014. doi: 10.1109/TIFS.2014.2361205 Biometrics is attracting increasing attention in privacy and security concerned issues, such as access control and remote financial transaction. However, advanced forgery and spoofing techniques are threatening the reliability of conventional biometric modalities. This has been motivating our investigation of a novel yet promising modality transient evoked otoacoustic emission (TEOAE), which is an acoustic response generated from cochlea after a click stimulus. Unlike conventional modalities that are easily accessible or captured, TEOAE is naturally immune to replay and falsification attacks as a physiological outcome from human auditory system. In this paper, we resort to wavelet analysis to derive the time-frequency representation of such nonstationary signal, which reveals individual uniqueness and long-term reproducibility. A machine learning technique linear discriminant analysis is subsequently utilized to reduce intrasubject variability and further capture intersubject differentiation features. Considering practical application, we also introduce a complete framework of the biometric system in both verification and identification modes. Comparative experiments on a TEOAE data set of biometric setting show the merits of the proposed method. Performance is further improved with fusion of information from both ears.
Keywords: Auditory system; Biometrics (access control); Ear; Feature extraction; Probes; Time-frequency analysis; Vectors; Robust Biometric Modality; Robust biometric modality; Time-frequency Analysis; Transient Evoked Otoacoustic Emission; biometric fusion ;linear discriminant analysis; time-frequency analysis; transient evoked otoacoustic emission (ID#: 15-3674)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6914592&isnumber=6953163
Guang Hua; Goh, J.; Thing, V.L.L., "A Dynamic Matching Algorithm for Audio Timestamp Identification Using the ENF Criterion," Information Forensics and Security, IEEE Transactions on, vol. 9, no. 7, pp.1045, 1055, July 2014. doi: 10.1109/TIFS.2014.2321228 The electric network frequency (ENF) criterion is a recently developed technique for audio timestamp identification, which involves the matching between extracted ENF signal and reference data. For nearly a decade, conventional matching criterion has been based on the minimum mean squared error (MMSE) or maximum correlation coefficient. However, the corresponding performance is highly limited by low signal-to-noise ratio, short recording durations, frequency resolution problems, and so on. This paper presents a threshold-based dynamic matching algorithm (DMA), which is capable of autocorrecting the noise affected frequency estimates. The threshold is chosen according to the frequency resolution determined by the short-time Fourier transform (STFT) window size. A penalty coefficient is introduced to monitor the autocorrection process and finally determine the estimated timestamp. It is then shown that the DMA generalizes the conventional MMSE method. By considering the mainlobe width in the STFT caused by limited frequency resolution, the DMA achieves improved identification accuracy and robustness against higher levels of noise and the offset problem. Synthetic performance analysis and practical experimental results are provided to illustrate the advantages of the DMA.
Keywords: Fourier transforms; audio recording; correlation methods; frequency estimation; mean square error methods; ENF criterion; MMSE;S TFT; audio timestamp identification; autocorrection process; dynamic matching; electric network frequency criterion; extracted ENF signal; frequency estimates; frequency resolution problems; maximum correlation coefficient; minimum mean squared error; reference data; short recording durations; short-time Fourier transform; signal-to-noise ratio; window size; Correlation; Estimation; Frequency estimation; Signal resolution; Signal to noise ratio; Time-frequency analysis; Electric network frequency (ENF); audio authentication; audio forensics; timestamp identification (ID#: 15-3675)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6808537&isnumber=6819111
Sousa, J.; Vilela, J.P., "A Characterization Of Uncoordinated Frequency Hopping For Wireless Secrecy," Wireless and Mobile Networking Conference (WMNC), 2014 7th IFIP, pp.1,4, 20-22 May 2014 doi: 10.1109/WMNC.2014.6878885 We characterize the secrecy level of communication under Uncoordinated Frequency Hopping, a spread spectrum scheme where a transmitter and a receiver randomly hop through a set of frequencies with the goal of deceiving an adversary. In our work, the goal of the legitimate parties is to land on a given frequency without the adversary eavesdroppers doing so, therefore being able to communicate securely in that period, that may be used for secret-key exchange. We also consider the effect on secrecy of the availability of friendly jammers that can be used to obstruct eavesdroppers by causing them interference. Our results show that tuning the number of frequencies and adding friendly jammers are effective countermeasures against eavesdroppers.
Keywords: cryptography; jamming; radio receivers; radio transmitters; spread spectrum communication; telecommunication security; communication secrecy level; interference; secret-key exchange; spread spectrum scheme; uncoordinated frequency hopping characterization; wireless secrecy; wireless transmissions; Interference; Jamming; Security; Spread spectrum communication; Throughput; Time-frequency analysis; Wireless communication (ID#: 15-3676)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6878885&isnumber=6878843
Esquef, P.A.A.; Apolinario, J.A.; Biscainho, L.W.P., "Edit Detection in Speech Recordings via Instantaneous Electric Network Frequency Variations," Information Forensics and Security, IEEE Transactions on, vol. 9, no. 12, pp. 2314, 2326, Dec. 2014. doi: 10.1109/TIFS.2014.2363524 In this paper, an edit detection method for forensic audio analysis is proposed. It develops and improves a previous method through changes in the signal processing chain and a novel detection criterion. As with the original method, electrical network frequency (ENF) analysis is central to the novel edit detector, for it allows monitoring anomalous variations of the ENF related to audio edit events. Working in unsupervised manner, the edit detector compares the extent of ENF variations, centered at its nominal frequency, with a variable threshold that defines the upper limit for normal variations observed in unedited signals. The ENF variations caused by edits in the signal are likely to exceed the threshold providing a mechanism for their detection. The proposed method is evaluated in both qualitative and quantitative terms via two distinct annotated databases. Results are reported for originally noisy database signals as well as versions of them further degraded under controlled conditions. A comparative performance evaluation, in terms of equal error rate (EER) detection, reveals that, for one of the tested databases, an improvement from 7% to 4% EER is achieved, respectively, from the original to the new edit detection method. When the signals are amplitude clipped or corrupted by broadband background noise, the performance figures of the novel method follow the same profile of those of the original method.
Keywords: Databases; Estimation; Forensics; Frequency estimation; Noise; Noise measurement; Time-frequency analysis; Acoustical signal processing; edit detection; instantaneous frequency; spectral analysis; voice activity detection (ID#: 15-3677)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6926817&isnumber=6953163
Pukkawanna, S.; Hazeyama, H.; Kadobayashi, Y.; Yamaguchi, S., "Investigating the Utility Of S-Transform For Detecting Denial-Of-Service And Probe Attacks," Information Networking (ICOIN), 2014 International Conference on, pp.282, 287, 10-12 Feb. 2014. doi: 10.1109/ICOIN.2014.6799482 Denial-of-Service (DoS) and probe attacks are growing more modern and sophisticated in order to evade detection by Intrusion Detection Systems (IDSs) and to increase the potent threat to the availability of network services. Detecting these attacks is quite tough for network operators using misuse-based IDSs because they need to see through attackers and upgrade their IDSs by adding new accurate attack signatures. In this paper, we proposed a novel signal and image processing-based method for detecting network probe and DoS attacks in which prior knowledge of attacks is not required. The method uses a time-frequency representation technique called S-transform, which is an extension of Wavelet Transform, to reveal abnormal frequency components caused by attacks in a traffic signal (e.g., a time-series of the number of packets). Firstly, S-Transform converts the traffic signal to a two-dimensional image which describes time-frequency behavior of the traffic signal. The frequencies that behave abnormally are discovered as abnormal regions in the image. Secondly, Otsu's method is used to detect the abnormal regions and identify time that attacks occur. We evaluated the effectiveness of the proposed method with several network probe and DoS attacks such as port scans, packet flooding attacks, and a low-intensity DoS attack. The results clearly indicated that the method is effective for detecting the probe and DoS attack streams which were generated to real-world Internet.
Keywords: Internet; computer network security; telecommunication traffic; time-frequency analysis; wavelet transforms; DoS attacks;I DS; Internet; Otsu method; S-transform; accurate attack signatures; denial-of-service detection; frequency components; image processing method; intrusion detection systems; probe attacks; signal processing method; time-frequency representation technique; traffic signal; two-dimensional image; wavelet transform; Computer crime; Internet; Ports (Computers);Probes; Time-frequency analysis; Wavelet transforms (ID#: 15-3678)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6799482&isnumber=6799467
Rahayu, T.M.; Sang-Gon Lee; Hoon-Jae Lee, "Security Analysis Of Secure Data Aggregation Protocols In Wireless Sensor Networks," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.471, 474, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6779005 In order to conserve wireless sensor network (WSN) lifetime, data aggregation is applied. Some researchers consider the importance of security and propose secure data aggregation protocols. The essential of those secure approaches is to make sure that the aggregators aggregate the data in appropriate and secure way. In this paper we give the description of ESPDA (Energy-efficient and Secure Pattern-based Data Aggregation) and SRDA (Secure Reference-Based Data Aggregation) protocol that work on cluster-based WSN and the deep security analysis that are different from the previously presented one.
Keywords: protocols; telecommunication security; wireless sensor networks; ESPDA protocol; SRDA protocol; WSN lifetime; cluster-based WSN; deep security analysis; energy-efficient and secure pattern-based data aggregation protocol; secure reference-based data aggregation protocol; wireless sensor network lifetime; Authentication; Cryptography; Energy efficiency; Peer-to-peer computing; Protocols; Wireless sensor networks; Data aggregation protocol; ESPDA; SRDA; WSN; secure data aggregation protocol}, (ID#: 15-3679)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6779005&isnumber=6778899
Rezvani, M.; Ignjatovic, A.; Bertino, E.; Jha, S., "Provenance-Aware Security Risk Analysis For Hosts And Network Flows," Network Operations and Management Symposium (NOMS), 2014 IEEE, pp.1, 8, 5-9 May 2014. doi: 10.1109/NOMS.2014.6838250 Detection of high risk network flows and high risk hosts is becoming ever more important and more challenging. In order to selectively apply deep packet inspection (DPI) one has to isolate in real time high risk network activities within a huge number of monitored network flows. To help address this problem, we propose an iterative methodology for a simultaneous assessment of risk scores for both hosts and network flows. The proposed approach measures the risk scores of hosts and flows in an interdependent manner; thus, the risk score of a flow influences the risk score of its source and destination hosts, and also the risk score of a host is evaluated by taking into account the risk scores of flows initiated by or terminated at the host. Our experimental results show that such an approach not only effective in detecting high risk hosts and flows but, when deployed in high throughput networks, is also more efficient than PageRank based algorithms.
Keywords: computer network security; risk analysis; deep packet inspection; high risk hosts; high risk network flows; provenance aware security risk analysis; risk score; Computational modeling; Educational institutions; Iterative methods; Monitoring; Ports (Computers); Risk management; Security (ID#: 15-3680)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6838250&isnumber=6838210
Zahid, A.; Masood, R.; Shibli, M.A., "Security of Sharded NoSQL Databases: A Comparative Analysis," Information Assurance and Cyber Security (CIACS), 2014 Conference on, pp. 1, 8, 12-13 June 2014. doi: 10.1109/CIACS.2014.6861323 NoSQL databases are easy to scale-out because of their flexible schema and support for BASE (Basically Available, Soft State and Eventually Consistent) properties. The process of scaling-out in most of these databases is supported by sharding which is considered as the key feature in providing faster reads and writes to the database. However, securing the data sharded over various servers is a challenging problem because of the data being distributedly processed and transmitted over the unsecured network. Though, extensive research has been performed on NoSQL sharding mechanisms but no specific criterion has been defined to analyze the security of sharded architecture. This paper proposes an assessment criterion comprising various security features for the analysis of sharded NoSQL databases. It presents a detailed view of the security features offered by NoSQL databases and analyzes them with respect to proposed assessment criteria. The presented analysis helps various organizations in the selection of appropriate and reliable database in accordance with their preferences and security requirements.
Keywords: SQL; security of data; BASE; NoSQL sharding mechanisms; assessment criterion; security features; sharded NoSQL databases; Access control; Authentication; Distributed databases; Encryption; Servers; Comparative Analysis; Data and Applications Security; Database Security; NoSQL; Sharding (ID#: 15-3681)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6861323&isnumber=6861314
Hongzhen Du; Qiaoyan Wen, "Security Analysis Of Two Certificateless Short Signature Schemes," Information Security, IET, vol. 8, no.4, pp.230, 233, July 2014. doi: 10.1049/iet-ifs.2013.0080 Certificateless public key cryptography (CL-PKC) combines the advantage of both traditional PKC and identity-based cryptography (IBC) as it eliminates the certificate management problem in traditional PKC and resolves the key escrow problem in IBC. Recently, Choi et al. and Tso et al. proposed two different efficient CL short signature schemes and claimed that the two schemes are secure against super adversaries and satisfy the strongest security. In this study, the authors show that both Choi et al.'s scheme and Tso et al.'s scheme are insecure against the strong adversaries who can replace users' public keys and have access to the signing oracle under the replaced public keys.
Keywords: digital signatures; public key cryptography; CL short signature schemes; CL-PKC; IBC; certificate management problem; certificateless public key cryptography; certificateless short signature schemes; identity-based cryptography; key escrow problem; security analysis; user public keys (ID#: 15-3682)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6842408&isnumber=6842405
Wenli Liu; Xiaolong Zheng; Tao Wang; Hui Wang, "Collaboration Pattern and Topic Analysis on Intelligence and Security Informatics Research," Intelligent Systems, IEEE, vol.29, no. 3, pp. 39, 46, May-June 2014. doi: 10.1109/MIS.2012.106 In this article, researcher collaboration patterns and research topics on Intelligence and Security Informatics (ISI) are investigated using social network analysis approaches. The collaboration networks exhibit scale-free property and small-world effect. From these networks, the authors obtain the key researchers, institutions, and three important topics.
Keywords: groupware; security of data; social networking (online);collaboration pattern; intelligence and security informatics research; scale-free property; small-world effect; social network analysis approach; topic analysis; Collaboration; Computer security; Informatics; Intelligent systems; Network security; Social network services; Terrorism; ISI; Intelligence and Security Informatics; intelligent systems; social network analysis; topic analysis (ID#: 15-3683)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6357170&isnumber=6871688
Sasidharan, B.; Kumar, P.V.; Shah, N.B.; Rashmi, K.V.; Ramachandran, K., "Optimality of the Product-Matrix Construction For Secure MSR Regenerating Codes," Communications, Control and Signal Processing (ISCCSP), 2014 6th International Symposium on, pp. 10, 14, 21-23 May 2014. doi: 10.1109/ISCCSP.2014.6877804 In this paper, we consider the security of exact-repair regenerating codes operating at the minimum-storage-regenerating (MSR) point. The security requirement (introduced in Shah et. al.) is that no information about the stored data file must be leaked in the presence of an eavesdropper who has access to the contents of ℓ1 nodes as well as all the repair traffic entering a second disjoint set of ℓ2 nodes. We derive an upper bound on the size of a data file that can be securely stored that holds whenever ℓ2 ≤ d - k + 1. This upper bound proves the optimality of the product-matrix-based construction of secure MSR regenerating codes by Shah et. al.
Keywords: encoding; matrix algebra; MSR point; data file; eavesdropper; exact repair regenerating code security; minimum storage regenerating point; product matrix; product matrix construction; repair traffic; secure MSR regenerating codes; Bandwidth; Data collection; Entropy; Maintenance engineering; Random variables; Security; Upper bound; MSR codes; Secure regenerating codes; product-matrix construction; regenerating codes (ID#: 15-3684)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6877804&isnumber=6877795
Mirmohseni, M.; Papadimitratos, P., "Scaling Laws For Secrecy Capacity In Cooperative Wireless Networks," INFOCOM, 2014 Proceedings IEEE, pp.1527, 1535, April 27 2014-May 2 2014. doi: 10.1109/INFOCOM.2014.6848088 We investigate large wireless networks subject to security constraints. In contrast to point-to-point, interference-limited communications considered in prior works, we propose active cooperative relaying based schemes. We consider a network with nl legitimate nodes and ne eavesdroppers, and path loss exponent α ≥ 2. As long as ne2(log(ne))γ = o(nl) holds for some positive γ, we show one can obtain unbounded secure aggregate rate. This means zero-cost secure communication, given a fixed total power constraint for the entire network. We achieve this result with (i) the source using Wyner randomized encoder and a serial (multi-stage) block Markov scheme, to cooperate with the relays, and (ii) the relays acting as a virtual multi-antenna to apply beamforming against the eavesdroppers. Our simpler parallel (two-stage) relaying scheme can achieve the same unbounded secure aggregate rate when neα/2 + 1 (log(ne))γ+δ(α/2+1) = o(nl) holds, for some positive γ, δ.
Keywords: Markov processes; array signal processing; cooperative communication; interference (signal); relay networks (telecommunication); telecommunication security; Wyner randomized encoder; active cooperative relaying; beamforming ;cooperative wireless networks; interference limited communications; parallel relaying scheme; path loss exponent; scaling laws; secrecy capacity; secure communication; serial block Markov scheme; Aggregates; Array signal processing; Encoding; Relays; Tin; Transmitters; Wireless networks (ID#: 15-3685)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6848088&isnumber=6847911
Yao, H.; Silva, D.; Jaggi, S.; Langberg, M., "Network Codes Resilient to Jamming and Eavesdropping," Networking, IEEE/ACM Transactions on, vol. PP, no.99, pp. 1, 1, February 2014. doi: 10.1109/TNET.2013.2294254 We consider the problem of communicating information over a network secretly and reliably in the presence of a hidden adversary who can eavesdrop and inject malicious errors. We provide polynomial-time distributed network codes that are information-theoretically rate-optimal for this scenario, improving on the rates achievable in prior work by Ngai Our main contribution shows that as long as the sum of the number of links the adversary can jam (denoted by $ Z_{O}$ ) and the number of links he can eavesdrop on (denoted by $ Z_{I}$) is less than the network capacity (denoted by $ C$) (i.e., $ Z_{O}+ Z_{I}< C$), our codes can communicate (with vanishingly small error probability) a single bit correctly and without leaking any information to the adversary. We then use this scheme as a module to design codes that allow communication at the source rate of $ C- Z_{O}$ when there are no security requirements, and codes that allow communication at the source rate of $ C- Z_{O}- Z_{I}$ while keeping the communicated message provably secret from the adversary. Interior nodes are oblivious to the presence of adversaries and perform random linear network coding; only the source and destination need to be tweaked. We also prove that the rate-region obtained is information-theoretically optimal. In proving our results, we correct an error in prior work by a subset of the authors in this paper.
Keywords: Error probability; Jamming; Network coding; Robustness; Transforms; Vectors; Achievable rates; adversary; error control; network coding; secrecy (ID#: 15-3686)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6730968&isnumber=4359146
Pasolini, G.; Dardari, D., "Secret Key Generation In Correlated Multi-Dimensional Gaussian Channels," Communications (ICC), 2014 IEEE International Conference on, pp.2171,2177, 10-14 June 2014. doi: 10.1109/ICC.2014.6883645 Wireless channel reciprocity can be successfully exploited as a common source of randomness for the generation of a secret key by two legitimate users willing to achieve confidential communications over a public channel. This paper presents an analytical framework to investigate the theoretical limits of secret-key generation when wireless multi-dimensional Gaussian channels are used as source of randomness. The intrinsic secrecy content of wide-sense stationary wireless channels in frequency, time and spatial domains is derived through asymptotic analysis as the number of observations in a given domain tends to infinity. Some significant case studies are presented where single and multiple antenna eavesdroppers are considered. In the numerical results, the role of signal-to-noise ratio, spatial correlation, frequency and time selectivity is investigated.
Keywords: Gaussian channels; antenna arrays; frequency-domain analysis; public key cryptography; radio networks; telecommunication security; time-domain analysis; wireless channels; analytical framework; asymptotic analysis; confidential communications; correlated multidimensional Gaussian channels; frequency domains; intrinsic secrecy content; multiple antenna eavesdroppers; public channel; secret key generation; signal-to-noise ratio; spatial correlation; spatial domains; time domains; time selectivity; wide-sense stationary wireless channels; wireless channel reciprocity; wireless networks; Communication system security; Covariance matrices; Security; Signal to noise ratio; Time-frequency analysis; Wireless communication (ID#: 15-3687)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6883645&isnumber=6883277
Guoyuan Lin; Danru Wang; Yuyu Bie; Min Lei, "MTBAC: A Mutual Trust Based Access Control Model In Cloud Computing," Communications, China, vol.11, no.4, pp.154, 162, April 2014. doi: 10.1109/CC.2014.6827577 As a new computing mode, cloud computing can provide users with virtualized and scalable web services, which faced with serious security challenges, however. Access control is one of the most important measures to ensure the security of cloud computing. But applying traditional access control model into the Cloud directly could not solve the uncertainty and vulnerability caused by the open conditions of cloud computing. In cloud computing environment, only when the security and reliability of both interaction parties are ensured, data security can be effectively guaranteed during interactions between users and the Cloud. Therefore, building a mutual trust relationship between users and cloud platform is the key to implement new kinds of access control method in cloud computing environment. Combining with Trust Management(TM), a mutual trust based access control (MTBAC) model is proposed in this paper. MTBAC model take both user's behavior trust and cloud services node's credibility into consideration. Trust relationships between users and cloud service nodes are established by mutual trust mechanism. Security problems of access control are solved by implementing MTBAC model into cloud computing environment. Simulation experiments show that MTBAC model can guarantee the interaction between users and cloud service nodes
Keywords: Web services; authorisation; cloud computing; virtualisation; MTBAC model; cloud computing environment; cloud computing security; cloud service node credibility; data security; mutual trust based access control model; mutual trust mechanism; mutual trust relationship; open conditions; scalable Web services; trust management; user behavior trust; virtualized Web services; Computational modeling; Reliability; Time-frequency analysis; MTBAC; access control; cloud computing; mutual trust mechanism; trust model (ID#: 15-3688)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6827577&isnumber=6827540
Chen, L.M.; Hsiao, S.-W.; Chen, M.C.; Liao, W., "Slow-Paced Persistent Network Attacks Analysis and Detection Using Spectrum Analysis," Systems Journal, IEEE, vol. PP, no. 99, pp.1, 12, September 2014. doi: 10.1109/JSYST.2014.2348567 A slow-paced persistent attack, such as slow worm or bot, can bewilder the detection system by slowing down their attack. Detecting such attacks based on traditional anomaly detection techniques may yield high false alarm rates. In this paper, we frame our problem as detecting slow-paced persistent attacks from a time series obtained from network trace. We focus on time series spectrum analysis to identify peculiar spectral patterns that may represent the occurrence of a persistent activity in the time domain. We propose a method to adaptively detect slow-paced persistent attacks in a time series and evaluate the proposed method by conducting experiments using both synthesized traffic and real-world traffic. The results show that the proposed method is capable of detecting slow-paced persistent attacks even in a noisy environment mixed with legitimate traffic.
Keywords: Discrete Fourier transforms; Grippers; Spectral analysis; Time series analysis; Time-domain analysis; Time-frequency analysis; Network security; persistent activity; slow-paced attack; spectrum analysis; time series (ID#: 15-3689)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6906240&isnumber=4357939
Kun Wen; Jiahai Yang; Fengjuan Cheng; Chenxi Li; Ziyu Wang; Hui Yin, "Two-stage Detection Algorithm For Roq Attack Based On Localized Periodicity Analysis Of Traffic Anomaly," Computer Communication and Networks (ICCCN), 2014 23rd International Conference on, pp.1,6, 4-7 Aug. 2014. doi: 10.1109/ICCCN.2014.6911829 Reduction of Quality (RoQ) attack is a stealthy denial of service attack. It can decrease or inhibit normal TCP flows in network. Victims are hard to perceive it as the final network throughput is decreasing instead of increasing during the attack. Therefore, the attack is strongly hidden and it is difficult to be detected by existing detection systems. Based on the principle of Time-Frequency analysis, we propose a two-stage detection algorithm which combines anomaly detection with misuse detection. In the first stage, we try to detect the potential anomaly by analyzing network traffic through Wavelet multiresolution analysis method. According to different time-domain characteristics, we locate the abrupt change points. In the second stage, we further analyze the local traffic around the abrupt change point. We extract the potential attack characteristics by autocorrelation analysis. By the two-stage detection, we can ultimately confirm whether the network is affected by the attack. Results of simulations and real network experiments demonstrate that our algorithm can detect RoQ attacks, with high accuracy and high efficiency.
Keywords: computer network security; time-frequency analysis; RoQ attack; anomaly detection; autocorrelation analysis; denial of service attack; detection algorithm; detection systems; inhibit normal TCP flows; localized periodicity analysis; network traffic; reduction of quality; time-frequency analysis; traffic anomaly; wavelet multiresolution analysis method; Algorithm design and analysis; Computer crime; Correlation; Detection algorithms; Multiresolution analysis; RoQ attack; anomaly detection; misuse detection; network security; wavelet analysis (ID#: 15-3690)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6911829&isnumber=6911704
Yanbing Liu; Qingyun Liu; Ping Liu; Jianlong Tan; Li Guo, "A Factor-Searching-Based Multiple String Matching Algorithm For Intrusion Detection," Communications (ICC), 2014 IEEE International Conference on , vol., no., pp.653,658, 10-14 June 2014. doi: 10.1109/ICC.2014.6883393 Multiple string matching plays a fundamental role in network intrusion detection systems. Automata-based multiple string matching algorithms like AC, SBDM and SBOM are widely used in practice, but the huge memory usage of automata prevents them from being applied to a large-scale pattern set. Meanwhile, poor cache locality of huge automata degrades the matching speed of algorithms. Here we propose a space-efficient multiple string matching algorithm BVM, which makes use of bit-vector and succinct hash table to replace the automata used in factor-searching-based algorithms. Space complexity of the proposed algorithm is O(rm2 + ΣpϵP |p|), that is more space-efficient than the classic automata-based algorithms. Experiments on datasets including Snort, ClamAV, URL blacklist and synthetic rules show that the proposed algorithm significantly reduces memory usage and still runs at a fast matching speed. Above all, BVM costs less than 0.75% of the memory usage of AC, and is capable of matching millions of patterns efficiently.
Keywords: automata theory; security of data; string matching; AC; ClamAV; SBDM; SBOM; Snort; URL blacklist; automata-based multiple string matching algorithms; bit-vector; factor searching-based algorithms; factor-searching-based multiple string matching algorithm; huge memory usage; matching speed; network intrusion detection systems; space complexity; space-efficient multiple string matching algorithm BVM; succinct hash table; synthetic rules; Arrays; Automata; Intrusion detection; Pattern matching; Time complexity; automata; intrusion detection; multiple string matching; space-efficient (ID#: 15-3691)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6883393&isnumber=6883277
Van Vaerenbergh, S.; González, O.; Vía, J.; Santamaría, I., "Physical Layer Authentication Based On Channel Response Tracking Using Gaussian Processes," Acoustics, Speech and Signal Processing (ICASSP), 2014 IEEE International Conference on, pp.2410,2414, 4-9 May 2014. doi: 10.1109/ICASSP.2014.6854032 Physical-layer authentication techniques exploit the unique properties of the wireless medium to enhance traditional higher-level authentication procedures. We propose to reduce the higher-level authentication overhead by using a state-of-the-art multi-target tracking technique based on Gaussian processes. The proposed technique has the additional advantage that it is capable of automatically learning the dynamics of the trusted user's channel response and the time-frequency fingerprint of intruders. Numerical simulations show very low intrusion rates, and an experimental validation using a wireless test bed with programmable radios demonstrates the technique's effectiveness.
Keywords: {Gaussian processes; fingerprint identification; security of data; target tracking; telecommunication security; time-frequency analysis; wireless channels; Gaussian process; automatic learning; channel response tracking; higher level authentication overhead; higher level authentication procedure; intruder; multitarget tracking technique; numerical simulation; physical layer authentication; programmable radio; time-frequency fingerprint; trusted user channel response; wireless medium; wireless test bed; Authentication; Channel estimation; Communication system security; Gaussian processes; Time-frequency analysis; Trajectory; Wireless communication; Gaussian processes; multi-target tracking; physical-layer authentication; wireless communications (ID#: 15-3692)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6854032&isnumber=6853544
Baofeng Wu; Qingfang Jin; Zhuojun Liu; Dongdai Lin, "Constructing Boolean Functions With Potentially Optimal Algebraic Immunity Based On Additive Decompositions Of Finite Fields (Extended Abstract)," Information Theory (ISIT), 2014 IEEE International Symposium on, pp.1361,1365, June 29 2014-July 4 2014. doi: 10.1109/ISIT.2014.6875055 We propose a general approach to construct cryptographic significant Boolean functions of (r + 1)m variables based on the additive decomposition F2rm × F2m of the finite field F2(r+1)m, where r ≥ 1 is odd and m ≥ 3. A class of unbalanced functions is constructed first via this approach, which coincides with a variant of the unbalanced class of generalized Tu-Deng functions in the case r = 1. Functions belonging to this class have high algebraic degree, but their algebraic immunity does not exceed m, which is impossible to be optimal when r > 1. By modifying these unbalanced functions, we obtain a class of balanced functions which have optimal algebraic degree and high nonlinearity (shown by a lower bound we prove). These functions have optimal algebraic immunity provided a combinatorial conjecture on binary strings which generalizes the Tu-Deng conjecture is true. Computer investigations show that, at least for small values of number of variables, functions from this class also behave well against fast algebraic attacks.
Keywords: Boolean functions; combinatorial mathematics; cryptography; additive decomposition; algebraic immunity; binary strings; combinatorial conjecture; cryptographic significant Boolean functions; fast algebraic attacks ;finite field; generalized Tu-Deng functions; optimal algebraic degree; unbalanced functions; Additives; Boolean functions; Cryptography; Electronic mail; FAA; Information theory; Transforms (ID#: 15-3693)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6875055&isnumber=6874773
Luowei Zhou; Sucheng Liu; Weiguo Lu; Shuchang Hu, "Quasi-Steady-State Large-Signal Modelling Of DC–DC Switching Converter: Justification And Application For Varying Operating Conditions," Power Electronics, IET, vol.7, no.10, pp.2455, 2464, 10 2014. doi: 10.1049/iet-pel.2013.0487 Quasi-steady-state (QSS) large-signal models are often taken for granted in the analysis and design of DC-DC switching converters, particularly for varying operating conditions. In this study, the premise for the QSS is justified quantitatively for the first time. Based on the QSS, the DC-DC switching converter under varying operating conditions is reduced to the linear time varying systems model. Thereafter, the QSS concept is applied to analysis of frequency-domain properties of the DC-DC switching converters by using three-dimensional Bode plots, which is then utilised to the optimisation of the controller parameters for wide variations of input voltage and load resistance. An experimental prototype of an average-current-mode-controlled boost DC-DC converter is built to verify the analysis and design by both frequency-domain and time-domain measurements.
Keywords: Bode diagrams; DC-DC power convertors; electric current control; electric resistance; linear systems; optimisation; switching convertors; time-frequency analysis; time-varying systems; 3D Bode plots; DC-DC switching converter; QSS; controller parameter optimisation; current mode controlled boost DC-DC converter; frequency-domain measurement; linear time varying systems model; load resistance variation; operating conditions variation; quasi steady-state large signal modelling; time-domain measurement (ID#: 15-3694)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6919980&isnumber=6919884
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.