May 2021: Top 10 Read Articles in Network Security and Its Applications
International Journal of Network Security & Its Applications (IJNSA)
http://airccse.org/journal/ijnsa.html
ISSN: 0974 - 9330 (Online); 0975 - 2307 (Print)
SECURITY & PRIVACY THREATS, ATTACKS AND COUNTERMEASURES IN INTERNET OF THINGS
Faheem Masoodi1, Shadab Alam2 and Shams Tabrez Siddiqui2
1 Department of Computer Science, University of Kashmir, J&K, India
2 Department of Computer Science, Jazan University, KSA
ABSTRACT
The idea to connect everything to anything and at any point of time is what vaguely defines the
concept of the Internet of Things (IoT). The IoT is not only about providing connectivity but also
facilitating interaction among these connected things. Although the term IoT was introduced in
1999, it has drawn significant attention during the past few years. The pace at which new
devices are being integrated into the system will profoundly impact the world in a good way but
also raises some serious questions about security and privacy. IoT in its current form is susceptible
to a multitudinous set of attacks. One of the most significant concerns of IoT is to provide
security assurance for the data exchange because data is vulnerable to some attacks by the
attackers at each layer of IoT. The IoT has a layered structure where each layer provides a
service. The security needs vary from layer to layer as each layer serves a different purpose. This
paper aims to analyze the various security and privacy threats related to IoT. Some attacks have
been discussed along with some existing and proposed countermeasures.
KEYWORDS
Internet of Things, privacy, attacks, security, threats, protocols.
For More Details : http://aircconline.com/ijnsa/V11N2/11219ijnsa05.pdf
Volume Link : http://airccse.org/journal/jnsa19_current.html
REFERENCES
[1] J. Gubbi, R. Buyya, S. Marusic, M. Palaniswami, Internet of things (IoT): a vision,
architectural elements, and future directions, Future Gener. Comput. Syst. 29 (7) (2013) 1645–
1660.
[2] Roman, R., Najera, P., Lopez, J., 2011. Securing the internet of things. Computer 44 (9),
51_58.
[3] Horrow, S., and Anjali, S. (2012). Identity Management Framework for Cloud-Based Internet
of Things. SecurIT ’12 Proceedings of the First International Conference on Security of Internet
of Things, 200– 203. 2012
[4] Whitmore, A., Agarwal, A., and Da Xu, L. (2014). The Internet of Things: A survey of topics
and trends. Information Systems Frontiers, 17(2), 261– 274.
[5] Aazam, M., St-Hilaire, M., Lung, C.-H., and Lambadaris, I. (2016). PRE-Fog: IoT trace
based probabilistic resource estimation at Fog. 2016 13th IEEE Annual Consumer
Communications and Networking Conference (CCNC), 12– 17.
[6] Jiang, H., Shen, F., Chen, S., Li, K. C., and Jeong, Y. S. (2015). A secure and scalable
storage system for aggregate data in IoT. Future Generation Computer Systems, 49, 133– 141.
[7] Li, S., Tryfonas, T., and Li, H. (2016). The Internet of Things: a security point of view.
Internet Research, 26(2), 337– 359.
[8] A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari, and M. Ayyash. Internet of things:
A survey on enabling technologies, protocols, and applications. IEEE Communications Surveys
Tutorials, 17(4):2347–2376, Fourth quarter 2015.
[9] Pongle, P., and Chavan, G. (2015). A survey: Attacks on RPL and 6LoWPAN in IoT. 2015
International Conference on Pervasive Computing: Advance Communication Technology and
Application for Society, ICPC 2015, 0(c), 0–5.
[10] Tsai, C.-W., Lai, C.-F., and Vasilakos, A. V. (2014). Future Internet of Things: open issues
and challenges. Wireless Networks, 20(8), 2201–2217.
[11] V. Karagiannis, P. Chatzimisios, F. Vazquez-Gallego, and J. Alonso-Zarate, "A survey on
application layer protocols for the internet of things," Transaction on IoT and Cloud Computing,
vol. 3, no. 1, pp. 11-17, 2015
[12] D. Locke, "MQ telemetry transport (MQTT) v3. 1 protocol specification," IBM Developer
WorksTechnicalLibrary,2010,
http://www.ibm.com/developerworks/webservices/library/wsmqtt/index.html
[13] M. Singh, M. Rajan, V. Shivraj, and P. Balamuralidhar, "Secure MQTT for the Internet of
Things (IoT)," in Fifth International Conference on Communication Systems and Network
Technologies (CSNT 2015), April 2015, pp. 746-751.
[14] OASIS, "OASIS Advanced Message Queuing Protocol (AMQP) Version 1.0," 2012,
http://docs.oasis-open.org/amqp/core/v1.0/os/amqp-core-complete-v1.0-os.pdf
[15] T. Winter, et al., "RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks," IETF
RFC 6550, Mar. 2012, http://www.ietf.org/rfc/rfc6550.txt
[16] A. Aijaz and A. Aghvami, "Cognitive machine-to-machine communications for internet-of-
things: A protocol stack perspective," IEEE Internet of Things Journal, vol. 2, no. 2, pp. 103-112,
April 2015,
[17] http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=7006643
[18] Z. Zhou, B. Yao, R. Xing, L. Shu, and S. Bu, "E-CARP: An energy-efficient routing
protocol for UWSNs on the internet of underwater things," IEEE Sensors Journal, vol. PP, no.
99, 2015, http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7113774
[19] D. Dujovne, T. Watteyne, X. Vilajosana, and P. Thubert, "6TiSCH: Deterministic IP-
enabled industrial internet (of things)," IEEE Communications Magazine, vol. 52, no.12, pp. 36-
41, December 2014, http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6979984
[20] M. Hasan, E. Hossain, D. Niyato, "Random access for machine-to-machine communication
in LTEadvanced networks: issues and approaches," in IEEE Communications Magazine, vol. 51,
no. 6, pp.86-93, June 2013,
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=6525600
[21] Z-Wave, "Z-Wave Protocol Overview," v. 4, May 2007,
https://wiki.ase.tut.fi/courseWiki/imges/9/94/SDS10243_2_Z_Wave_Protocol_Overview.pdf
[22] ZigBee Standards Organization, “ZigBee Specification,” Document 053474r17, Jan 2008,
604 pp., http://home.deib.polimi.it/cesana/teaching/IoT/papers/ZigBee/ZigBeeSpec.pdf
[23] O. Cetinkaya and O. Akan, "A dash7-based power metering system," in 12th Annual IEEE
Consumer Communications and Networking Conference (CCNC), Jan 2015, pp. 406-411,
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=7158010
[24] Zhang, Zhi-Kai, et al. ”IoT security: ongoing challenges and research opportunities.”
ServiceOriented Computing and Applications (SOCA), 2014 IEEE 7th International Conference
on. IEEE, 2014.
[28] D. Migault, D. Palomares, E. Herbert, W. You, G. Ganne, G. Arfaoui, and M. Laurent,
“E2E: An Optimized IPsec Architecture for Secure And Fast Offload,” in Seventh International
Conference on Availability, Reliability and Security E2E: 2012.
[26] Abomhara, Mohamed, and Geir M. Køien. ”Security and privacy in the Internet of Things:
Current status and open issues.” Privacy and Security in Mobile Systems (PRISMS), 2014
International Conference on. IEEE, 2014.
[27] B. L. Suto, “Analyzing the Accuracy and Time Costs of Web Application Security
Scanners,” San Fr., no. October 2007, 2010.
[28] O. El Mouaatamid, M. LahmerInternet of Things security: layered classification of attacks
and possible countermeasures Electron J (9) (2016).
[29] Seda F. Gürses/Bettina Berendt/Thomas Santen, Multilateral Security Requirements
Analysis for Preserving Privacy in Ubiquitous Environments, in Bettina Berendt/Ernestina
Menasalvas (eds), Workshop on Ubiquitous Knowledge Discovery for Users (UKDU '06), at 51–
64;
[30] Stankovic, J. (2014). Research directions for the internet of things. IEEE Internet of Things
Journal, 1(1), 3–9
[31] Sicari, Sabrina, et al. "Security, privacy and trust in the Internet of Things: The road ahead."
Computer Networks76 (2015): 146-164.
[32]https://www.cso.com.au/article/575407/internet-things-iot-threats-countermeasures/
Accessed on 15-03-2019
[33] Bokhari, Mohammad Ubaidullah, and Faheem Masoodi. "Comparative analysis of
structures and attacks on various stream ciphers." Proceedings of the 4th National Conference.
2010.
PHISHING MITIGATION TECHNIQUES: A LITERATURE SURVEY
Wosah Peace Nmachi and Thomas Win
School of Computing & Engineering University of Gloucestershire, Park Campus, Cheltenham
GL50 2RH United Kingdom
ABSTRACT
Email is a channel of communication which is considered to be a confidential medium of
communication for exchange of information among individuals and organisations. The
confidentiality consideration about e-mail is no longer the case as attackers send malicious
emails to users to deceive them into disclosing their private personal information such as
username, password, and bank card details, etc. In search of a solution to combat phishing
cybercrime attacks, different approaches have been developed. However, the traditional existing
solutions have been limited in assisting email users to identify phishing emails from legitimate
ones. This paper reveals the different email and website phishing solutions in phishing attack
detection. It first provides a literature analysis of different existing phishing mitigation
approaches. It then provides a discussion on the limitations of the techniques, before concluding
with an exploration into how phishing detection can be improved.
KEYWORDS
Cyber-security, Phishing Email Attack, Deep Learning, Stylometric Analysis, Cyber Human
Behaviour
For More Details : https://aircconline.com/ijnsa/V13N2/13221ijnsa05.pdf
Volume Link : http://airccse.org/journal/jnsa21_current.html
REFERENCES
[1] Leite C., Gondim J. J. C., Barreto P. S., and Alchieri E. A., (2019). Waste flooding: A
phishing retaliation tool
[2] Xiujuan W., Chenxi Z., Kangfeng Z., Haoyang T., &Yuanrui T.(2019)detecting spear-
phishing emails based on authentication
[3] Duman S, Kalkan-Cakmakci K, Egele M. (2016)EmailProfiler: Spear phishing filtering with
header and stylometric features of emails.
[4] Calix K., Connors M., Levy D., Manzar H., McCabe G., & Westcott S. (2008). Stylometry
for E-mail author identification and authentication
[5] Gupta B. B., Arachchilage N A.G., &Psannis K. E. (2018).Defending against phishing
attacks: taxonomy of methods, current issues and future direction
[6] Dewan P, Kashyap A, &Kumaraguru P. (2014). Analysingsocial and stylometric features to
identify spear phishing emails
[7] AbahussainO. &Harrath Y. (2019). Detection of malicious emails through regular
expressions and databases
[8] Helmi R. A. A., Ren C. S.&Jamal A. (2019). Email anti-phishing detection application
[9] Asanka N. G.A.,Steve L.&Beznosov K. (2016) Phishing threat avoidance behaviour: An
empirical investigation
[10] Mohammad R., Thabtah F. & McCluskey L. (2015): Tutorial and critical analysis of
phishing websites methods
[11] Heartfield Ryan& George Loukas, (2018) Detecting semantic social engineering attacks
with the weakest link: Implementation and empirical evaluation of a human-as-a-security-
sensor framework
[12] Baniya T., Gautam D.& Kim Y. (2015). Safeguarding web surfing with URL blacklisting
[13] Canova G., Volkamer M., Bergmann C., &Borza R. (2014). NoPhish: An anti-phishing
education app
[14] Bottazzi G., Casalicchio E., Marturana F., &Piu M. (2015). MP-shield: A framework for
phishing detection in mobile devices.
[15] Li, J., Li, J., Chen, X., Jia, C., & Lou, W. (2015) Identity-based encryption without
sourced revocation incloud computing
[16] Qabajeh I.,Thabtah F.,&Chiclana F. (2018) A recent review of conventional vs.
automated cybersecurity anti-phishing techniques
[17] Lötter Andrés.&Futcher Lynn, (2015) A framework to Assist Email Users in the
Identification of Phishing Attacks
[18] Gascon H., Ullrich S., Stritter B. &Rieck K. (2018) Reading between the lines: content-
agnostic detection of spear-phishing emails
[19] Smadi S., Aslam N., & Zhang L. (2018). Detection of online phishing email using
dynamic evolving neural network based on reinforcement learning
[20] Chandrasekaran M., Narayanan K., andUpadhayayaS. (2006) Phishing e-mail detection
based on structural properties.
[21] Ghafir I., Saleem J., Hammoudeh M., Faour H., Prenosil V., Jaf S., Jabbar S. & Baker T.
(2018). Security threats to critical infrastructure: the human factor
[22] Khonji M, Iraqi Y& Jones A. (2011). Mitigation of spear phishing attacks: A Content-
based Authorship Identification framework
[23] Iqbal F, BinsalleehH&Fung B C M. (2010). Mining writeprints from anonymous e-mails
for forensic investigation
[24] Lyon, J.& Wong M. (2006). Sender ID: authenticating e-mail,” RFC 4406.
[25] KunjuM.V., Esther D., Anthony H. C. &BhelwaS. (2019) Evaluation of phishing
techniques based on machine learning
[26] Peng T., Harris I., &Sawa Y. (2018).Detecting phishing attacks using natural language
processing and machine learning
[27] SahingozO.K.,Buber E., Demir O., &Diri B. (2019). Machine learning based phishing
detection from URLs
[28] Zhang, Y., Hong, J. I., &Cranor, L. F.(2007). Cantina: A content based approach to
detecting phishing web sites.
[29] Suganya V. (2016): A review on phishing attacks and various anti-phishing techniques
[30] Abdelhamid N., Ayesh A. &Thabtah F. (2014) Phishing detection based associative
classification data mining
[31] SternfeldUri&Striem-Amit Yonatan. (2019) Prevention of rendezvous generation
algorithm (RGA) and domain generation algorithm (DGA) malware over exiting internet
services.
[32] Akarsh S., Sriram S., &Poornachandran P.(2019) Deep learning framework for domain
generation algorithms prediction using long short-term memory.
[33] Bagui S., Nandi D.,Subhash B. & White J.R (2019) Classifying phishing email using
machine learning and deep learning
[34] Jain Kumar Ankit. & Gupta B.B. (2018). A machine learning based approach for
phishing detection using hyperlinks information
[35] Vinayakumar R., Soman K. P., Poornachandran P., Akarsh S. &Elhoseny M. (2019)
Deep learning framework for cyber threat situational awareness based on email and url data
analysis.
[36] Park Gilchan and Rayz Julia (2018).Ontological detection of phishing emails
[37] Surbhi G., Abhishek S.&Akanksha K. (2016). A literature survey on social engineering
attacks: phishing attack
[38] Jamil A., Asif K.& Ghulam Z. (2018) MPMPA: A mitigation and prevention model for
social engineering based phishing attacks on facebook
[39] Platsis George, (2018) Thehuman factor: Cyber security's greatest challenge
[40] NaimBaftiu. (2017).Cyber security in Kosovo
[41] Abdelhamid N., Thabtah F. & Abdel-jaber H. (2017) Phishing detection: A recent
intelligent machine learning comparison based on models content and features
[42] Alsharnouby M., Alaca F., Chiasson S. (2015)Why phishing still works: User strategies
for combating phishing attacks
[43] Chou N., Ledesma R., Teraguchi Y., Boneh D., and Mitchell J. C. (2004) “Client-side
defence against web-based identity theft”.
[44] Prakash P., Kumar M., Rao R. K. and Gupta M. (2010) PhishNet: Predictive blacklisting
to detect phishing attacks
[45] Delany Mark, (2007) Domain-based email authentication using public keys advertised in
the DNS (Domain Keys).
[46] Saidani N., Adi K. and AlliliM. S. (2020)A semantic-based classification approach for an
enhanced spam detection.
[47] Bhowmick A. and Hazarika S.M. (2016) Machine learning for e-mail spam filtering:
review techniques and trends.
A CONCEPTUAL SECURE BLOCKCHAIN-BASED ELECTRONIC VOTING SYSTEM
Ahmed Ben Ayed
Department of Engineering and Computer Science, Colorado Technical University, Colorado
Springs, Colorado, USA
ABSTRACT
Blockchain is offering new opportunities to develop new types of digital services. While research
on the topic is still emerging, it has mostly focused on the technical and legal issues instead of
taking advantage of this novel concept and creating advanced digital services. In this paper, we
are going to leverage the open source Blockchain technology to propose a design for a new
electronic voting system that could be used in local or national elections. The Blockchain-based
system will be secure, reliable, and anonymous, and will help increase the number of voters as
well as the trust of people in their governments.
KEYWORDS
Blockchain, Electronic Voting System, e-Voting, I-Voting, iVote
For More Details : https://aircconline.com/ijnsa/V9N3/9317ijnsa01.pdf
Volume Link : http://airccse.org/journal/jnsa17_current.html
REFERENCES
[1] Madise, Ü. Madise and T. Martens, “E-voting in Estonia 2005. The first practice of country-
wide binding Internet voting in the world.”,Electronic voting, 2nd International Workshop,
Bregenz, Austria,(2006) August 2-4.
[2] J. Gerlach and U. Grasser, “Three Case Studies from Switzerland: E-voting”, Berkman
Center Research Publication, (2009).
[3] I. S. G. Stenerud and C. Bull, “When reality comes knocking Norwegian experiences with
verifiable electronic voting”, Electronic Voting. Vol. 205. (2012), pp. 21-33.
[4] C. Meter and A. Schneider and M. Mauve, “Tor is not enough: Coercion in Remote
Electronic Voting Systems. arXiv preprint. (2017).
[5] D. L. Chaum, “Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms”,
Communication of the ACM. Vol. 24(2). (1981), pp. 84-90.
[6] T. ElGamal, “A public Key Cryptosystem and a Signature Scheme Based on Discrete
Logarithms”, IEEE Trans. Info. Theory. Vol. 31. (1985), pp. 469-472.
[7] S. Ibrahim and M. Kamat and M. Salleh and S. R. A. Aziz, “Secure E-Voting with Blind
Signature”, Proceeding of the 4th National Conference of Communication Technology,
Johor, Malaysia, (2003) January 14-15.
[8] J. Jan and Y. Chen and Y. Lin, “The Design of Protocol for e-Voting on the Internet”,
Proceedings IEEE 35th Annual 2001 International Carnahan Conference on Security
Technology, London, England, (2001) October 16-19.
[9] D. L. Dill and A.D. Rubin, “E-Voting Security”, Security and Privacy Magazine, Vol. 2(1).
(2004), pp. 22-23.
[10] D. Evans and N. Paul, “Election Security: Perception and Reality”. IEEE Privacy
Magazine, vol. 2(1). (2004), pp. 2-9.
[11] Trueb Baltic, “Estonian Electronic ID – Card Application Specification Prerequisites to
the Smart Card Differentiation to previous Version of EstEID Card Application.”
http://www.id.ee/public/TBSPEC-EstEID-Chip-App-v3_5-20140327.pdf
[12] Cybernetica. “Internet Voting Solution.”
https://cyber.ee/uploads/2013/03/cyber_ivoting_NEW2_A4_web.pdf.
[13] D. Springall, T. Finkenauer, Z. Durumeric, J. Kitcat, H. Hursti, M. MacAlpine, and J. A.
Halderman, “Security Analysis of the Estonian Internet Voting System.” Proceedings of the
2014 ACM SIGSAC Conference on Computer and Communications Security. (2014), pp.
703-715.
[14] Ministry of Local Government and Modernisation. “Internet Voting Pilot to be
Discontinued.” https://www.regjeringen.no/en/aktuelt/Internet-voting-pilot-to-be-
discontinued/id764300/
[15] J. A. Halderman, and V. Teague, “The New South Wales iVote System: Security Failures
and Verifications Flaws in a Live Online Election.” International Conference on E-Voting
and Identity. (2015), pp. 35-53.
[16] S. Wolchok, E. Wustrow, D. Isabel, J. A. Halderman, “Attacking the Washington, DC
Internet Voting System.” International Conference on Financial Cryptography and Data
Security (2012), pp. 114-128.
[17] National Institute of Standards and Technology, “Federal Information Processing
Standards Publication”, (2012).
[18] S. Nakamoto, “A Peer-to-Peer Electronic Cash System”, (2008).
[19] F. Reid and M. Harrigan, “An Analysis of Anonymity in the Bitcoin System”, Security
and Privacy in Social Networks. (2013), pp. 1-27.
[20] S. Raval, “Decentralized Applications: Harnessing Bitcoin’s Blockchain Technology.”
O’Reilly Media, Inc. Sebastopol, California (2016).
[21] J. R. Douceur, “The Sybil Attack”, International Workshop on Peer-to-Peer Systems,
(2002), pp. 251-260.
AUTHORS
Ahmed Ben Ayed has received his Bachelor of Science in Computer Information Systems and
Master of Science in Cyber Security and Information Assurance, and is currently a doctoral student
at Colorado Technical University and an Adjunct Professor at California Takshila University.
His research interests are Android Security, Pattern Recognition of Malicious Applications,
Machine Learning, Cryptography, Information & System Security and Cyber Security.
COMPARISON OF MALWARE CLASSIFICATION METHODS USING CONVOLUTIONAL
NEURAL NETWORK BASED ON API CALL STREAM
Matthew Schofield1, Gulsum Alicioglu2, Bo Sun1, Russell Binaco1, Paul Turner1, Cameron Thatcher1,
Alex Lam1 and Anthony Breitzman1
1 Department of Computer Science, Rowan University, Glassboro, New Jersey, USA
2 Department of Electrical and Computer Engineering, Rowan University, Glassboro, New Jersey, USA
ABSTRACT
Malicious software is constantly being developed and improved, so detection and classification
of malware is an ever-evolving problem. Since traditional malware detection techniques fail to
detect new/unknown malware, machine learning algorithms have been used to overcome this
disadvantage. We present a Convolutional Neural Network (CNN) for malware type
classification based on the API (Application Program Interface) calls. This research uses a
database of 7107 instances of API call streams and 8 different malware types: Adware, Backdoor,
Downloader, Dropper, Spyware, Trojan, Virus, Worm. We used a 1-Dimensional CNN by
mapping API calls as categorical and term frequency-inverse document frequency (TF-IDF)
vectors and compared the results to other classification techniques. The proposed 1-D CNN
outperformed other classification techniques with 91% overall accuracy for both categorical and
TF-IDF vectors.
KEYWORDS
Convolutional Neural Network, Malware Classification, N-gram Analysis, Term Frequency-
Inverse Document Frequency Vectors, Windows API Calls.
For More Details : https://aircconline.com/ijnsa/V13N2/13221ijnsa01.pdf
Volume Link : http://airccse.org/journal/jnsa21_current.html
A LITERATURE SURVEY AND ANALYSIS ON SOCIAL ENGINEERING DEFENSE
MECHANISMS AND INFOSEC POLICIES
Dalal Alharthi and Amelia Regan
Department of Computer Science, University of California Irvine, Irvine, California
ABSTRACT
Social engineering attacks can be severe and hard to detect. Therefore, to prevent such attacks,
organizations should be aware of social engineering defense mechanisms and security policies.
To that end, the authors developed a taxonomy of social engineering defense mechanisms,
designed a survey to measure employee awareness of these mechanisms, proposed a model of
Social Engineering InfoSec Policies (SE-IPs), and designed a survey to measure the
incorporation level of these SE-IPs. After analyzing the data from the first survey, the authors
found that more than half of employees are not aware of social engineering attacks. The paper
also analyzed a second set of survey data, which found that on average, organizations
incorporated just over fifty percent of the identified formal SE-IPs. Such worrisome results show
that organizations are vulnerable to social engineering attacks, and serious steps need to be taken
to elevate awareness against these emerging security threats.
KEYWORDS
Cybersecurity, Social Engineering, Employee Awareness, Defense Mechanisms, Security
Policies
For More Details : https://aircconline.com/ijnsa/V13N2/13221ijnsa04.pdf
Volume Link : http://airccse.org/journal/jnsa21_current.html
REFERENCES
[1] S. D. Applegate, Social engineering: hacking the wetware! Information Security Journal: A
Global Perspective 18 (1) (2009) 40–46.
[2] C. Hadnagy, Social engineering: The art of human hacking, John Wiley & Sons, 2010.3. A.
Berg, Cracking a social engineer, [online]. lan times (1995).
[3] A. Berg, Cracking a social engineer, [online]. lan times (1995).
[4] T. Greening, Ask and ye shall receive: a study in social engineering, ACM SIGSAC Review
14 (2) (1996) 8–14.
[5] A. Karakasiliotis, S. Furnell, M. Papadaki, Assessing end-user awareness of social
engineering and phishing.
[6] M. Workman, A test of interventions for security threats from social engineering,
Information Management & Computer Security 16 (5) (2008) 463–483.
[7] G. L. Orgill, G. W. Romney, M. G. Bailey, P. M. Orgill, The urgency for effective user
privacy-education to counter social engineering attacks on secure computer systems, in:
Proceedings of the 5th conference on Information technology education, ACM, 2004, pp.
177–181
[8] T. Bakhshi, M. Papadaki, S. Furnell, A practical assessment of social engineering
vulnerabilities., in: HAISA, 2008, pp. 12–23.
[9] F. Mouton, M. M. Malan, L. Leenen, H. S. Venter, Social engineering attack
framework, in: 2014 Information Security for South Africa, IEEE, 2014, pp. 1–9.
[10] R. Kalnin,š, J. Purin,š, and G. Alksnis, “Security evaluation of wireless network access
points,” Applied Computer Systems, vol. 21, no. 1, pp.38–45, 2017.
[11] D. N. Alharthi, M. M. Hammad, and A. C. Regan, “A taxonomy of social engineering
defense mechanisms,” in Future of Information and Communication Conference. Springer,
2020, pp. 27–41.
[12] F. Mouton, L. Leenen, and H. S. Venter, “Social engineering attack examples, templates
and scenarios,” Computers & Security, vol. 59, pp.186–209, 2016.
[13] N. Saxena, E. Hayes, E. Bertino, P. Ojo, K.-K. R. Choo, and P. Burnap, “Impact and key
challenges of insider threats on organizations and critical businesses,” Electronics, vol. 9, no.
9, p. 1460, 2020.
[14] T. Ahmad, “Corona virus (covid-19) pandemic and work from home: Challenges of
cybercrimes and cybersecurity,” Available at SSRN3568830, 2020.
[15] N. Sarginson, “Securing your remote workforce against new phishing attacks,” Computer
Fraud & Security, vol. 2020, no. 9, pp. 9–12, 2020.
[16] H. Aldawood and G. Skinner, “Contemporary cyber security social engineering solutions,
measures, policies, tools and applications: Acritical appraisal,” International Journal of
Security (IJS), vol. 10, no. 1, p. 1, 2019.
[17] V. Systems, “Varonis 2019 global data risk report,” 2019.
[18] A. Yazdanmehr and J. Wang, “Employees’ information security policy compliance: A
norm activation perspective,” Decision Support Systems, vol. 92, pp. 36–46, 2016.
[19] D. N. Alharthi and A. C. Regan, “Social engineering defense mechanisms: A taxonomy
and a survey of employees’ awareness level,” in Science and Information Conference.
Springer, 2020, pp. 521–541.
[20] D. N. Alharthi and A. C. Regan, “Social engineering InfoSec Policies (SE-IPs),” in the
14th International Conference on Network Security & Applications (CNSA 2021). CICT,
2021, pp. 521–541. NIAI - 2021 pp. 57-74, 2021.
[21] H. Aldawood, G. Skinner, An academic review of current industrial and commercial
cyber security social engineering solutions, in: Proceedings of the 3rd International
Conference on Cryptography, Security and Privacy, ACM, 2019, pp. 110–115.
[22] B. M. E. Elnaim, H. A. S. W. Al-Lami, The current state of phishing attacks against
Saudi Arabia university students.
[23] C. Happ, A. Melzer, G. Steffgen, Trick with treat–reciprocity increases the willingness to
communicate personal data, Computers in Human Behavior 61 (2016) 372–377.
[24] I. Ghafir, V. Prenosil, A. Alhejailan, M. Hammoudeh, Social engineering attack
strategies and defence approaches, in: 2016 IEEE 4th International Conference onFuture
Internet of Things and Cloud (FiCloud), IEEE, 2016, pp. 145–149.
[25] M. Gupta, R. Sharman, Social network theoretic framework for organizational
socialengineering susceptibility index, AMCIS 2006 Proceedings (2006) 408.
[26] K. Parsons, D. Calic, M. Pattinson, M. Butavicius, A. McCormac, T. Zwaans, Thehuman
aspects of information security questionnaire (hais-q): two further validation studies,
Computers & Security 66 (2017) 40–51.
[27] T. Herath, H. R. Rao, Encouraging information security behaviours in organizations:
Role of penalties, pressures and perceived effectiveness, Decision Support Systems47 (2)
(2009) 154–165.
[28] J. A. Stoner, Risky and cautious shifts in group decisions: The influence of widely held
values, Journal of Experimental Social Psychology 4 (4) (1968) 442–459.
[29] H. Aldawood and G. Skinner, “Reviewing cyber security social engineering training and
awareness programs—pitfalls and ongoing issues,” Future Internet, vol. 11, no. 3, p. 73,
2019.
[30] K. J. Knapp, R. F. Morris Jr, T. E. Marshall, and T. A. Byrd, “Information security
policy: An organizational-level process model,” computers &security, vol. 28, no. 7, pp.
493–508, 2009.
[31] C. Senarak, “Port cybersecurity and threat: A structural model for prevention and policy
development,” The Asian Journal of Shipping and Logistics, 2020.
[32] A. Karakasiliotis, S. Furnell, and M. Papadaki, “Assessing end-user awareness of social
engineering and phishing,” 2006.
[33] L. Li, W. He, L. Xu, I. Ash, M. Anwar, and X. Yuan, “Investigating the impact of
cybersecurity policy awareness on employees’ cybersecurity behavior,” International Journal
of Information Management, vol. 45, pp. 13–24, 2019.
[34] M. Siponen, M. A. Mahmood, and S. Pahnila, “Employees’ adherence to information
security policies: An exploratory field study,” Information& management, vol. 51, no. 2, pp.
217–224, 2014.
[35] F. Bélanger, S. Collignon, K. Enget, and E. Negangard, “Determinants of early
conformance with information security policies,” Information& Management, vol. 54, no. 7,
pp. 887–901, 2017.
[36] K.-c. Chang and Y. M. Seow, “Effects of it-culture conflict and user dissatisfaction on
information security policy non-compliance: A sense-making perspective,” 2014.
[37] F. Hadi, M. Imran, M. H. Durad, and M. Waris, “A simple security policy enforcement
system for an institution using sdn controller,” in 2018 15th International Bhurban
Conference on Applied Sciences and Technology (IBCAST). IEEE, 2018, pp. 489–494.
[38] V. D. Soni, “Disaster recovery planning: Untapped success factor in an organization,”
Available at SSRN 3628630, 2020.
[39] J. Horney, M. Nguyen, D. Salvesen, O. Tomasco, and P. Berke, “Engaging the public in
planning for disaster recovery,” International journal of disaster risk reduction, vol. 17, pp.
33–37, 2016.
[40] F. Salahdine and N. Kaabouch, “Social engineering attacks: A survey,” Future Internet,
vol. 11, no. 4, p. 89, 2019.
[41] C. Okoli, K. Schabram, A guide to conducting a systematic literature review of
information systems research.
[42] NCSC, National Cybersecurity Centre (Accessed 2019). Link
[43] S. Inc., Surveymonkey (Accessed 2019). Link
[44] Stats, “Saudi general authority for statistics,” Accessed 2020. [Online]. Available:
https://www.stats.gov.sa/
[45] Statista, “Statista,” Accessed 2020. [Online]. Available: https://www.statista.com/
[46] C. Bronk and E. Tikk-Ringas, “The cyber-attack on Saudi Aramco,” Survival, vol. 55,
no. 2, pp. 81–96, 2013.
[47] D. D. Cheong, “Cyberattacks in the gulf: lessons for active defence,” 2012.
[48] S. S. Basamh, H. Qudaih, and J. B. Ibrahim, “An overview on cybersecurity awareness
in Muslim countries,” International Journal of Information and Communication Technology
Research, 2014.
[49] ITU, “Committed to connecting the world,” Accessed 2020. [Online]. Available:
https://www.itu.int/en/Pages/default.aspx
[50] T. McClelland, “The insider’s view of a data breach-how policy, forensics, and
attribution apply in the real world,” 2018.
[51] R. Bhor and H. Khanuja, “Analysis of web application security mechanism and attack
detection using vulnerability injection technique,” in 2016 International Conference on
Computing Communication Control and automation (ICCUBEA). IEEE, 2016, pp. 1–6.
[52] J. Saleem and M. Hammoudeh, “Defense methods against social engineering attacks,” in
Computer and network security essentials. Springer, 2018, pp. 603–618.
MINING PATTERNS OF SEQUENTIAL MALICIOUS APIS TO DETECT MALWARE
Abdurrahman Pektaş1, Elif Nurdan Pektaş2 and Tankut Acarman1
1 Department of Computer Engineering, Galatasaray University, İstanbul, Turkey
2 Siemens Turkey, Yakack Caddesi No: 111, 34870 Kartal, Istanbul, Turkey
ABSTRACT
In the era of information technology and a connected world, detecting malware has been a major
security concern for individuals, companies and even states. The new generation of malware
samples, upgraded with advanced protection mechanisms such as packing and obfuscation,
frustrates anti-virus solutions. API call analysis is used to identify suspicious malicious behavior
thanks to its ability to describe a software's functionality. In this paper, we propose an
effective and efficient malware detection method that uses a sequential pattern mining algorithm to
discover representative and discriminative API call patterns. Then, we apply three machine
learning algorithms to classify malware samples. Based on the experimental results, the proposed
method achieves favorable results, with a 0.999 F-measure on a dataset including 8152 malware
samples belonging to 16 families and 523 benign samples.
KEYWORDS
Android, Malware, Frequent Sequence Mining, Behavioural Pattern, API Calls, Dynamic
Analysis
For More Details : http://aircconline.com/ijnsa/V10N4/10418ijnsa01.pdf
Volume Link : http://airccse.org/journal/jnsa18_current.html
REFERENCES
[1] Statcounter: Operating system market share worldwide, (2018). http://gs.statcounter.com/os-
marketshare#monthly-201801-201801-bar. [Online; accessed 7-October-2017].
[2] Ilsun You & Kangbin Yim (2010) “Malware obfuscation techniques: A brief survey”,
Broadband, Wireless Computing, Communication and Applications (BWCCA), 2010
International Conference on, pp297– 300.
[3] 2016 Symantec Security Report, Internet:
https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdf, 29.06.2018.
[4] Abdurrahman Pektas & Tankut Acarman (2018) “Malware classification based on api calls
and behavior analysis”, IET Information Security, Vol. 12, No.2, pp 107-117.
[5] Abdurrahman Pektas & Tankut Acarman (2014) “A dynamic malware analyzer against
virtual machine aware malicious software”, Security and Communication Networks, Vol. 7,
No.12, pp2245–2257.
[6] Nizar R Mabroukeh & Christie I Ezeife (2010) “A taxonomy of sequential pattern mining
algorithms”, ACM Computing Surveys (CSUR), Vol. 43, No.1:3.
[7] Philippe Fournier-Viger & Jerry Chun-Wei Lin & Rage Uday Kiran & Yun Sing Koh &
Rincy Thomas (2017) “A survey of sequential pattern mining”, Data Science and Pattern
Recognition, Vol.1, No.1, pp54–77.
[8] Yong Qiao & Jie He & Yuexiang Yang & Lin Ji (2013) “Analyzing malware by abstracting
the frequent itemsets in api call sequences”,Trust, Security and Privacy in Computing and
Communications (TrustCom), 2013 12th IEEE International Conference on, pp.265–270.
[9] Youngjoon Ki & Eunjin Kim & Huy Kang Kim (2015) “A novel approach to detect malware
based on api call sequence analysis”, International Journal of Distributed Sensor Networks, Vol.
11, No.6,pp:95-10.
[10] In Kyeom Cho & Eul Gyu Im (2015), “Extracting representative api patterns of malware
families using multiple sequence alignments”, In Proceedings of the 2015 Conference on
research in adaptive and convergent systems, pp.308–313.
[11] Winfried Just (2001) “Computational complexity of multiple sequence alignment with sp-
score”, Journal of computational biology, Vol. 8, No. 6. pp. 615–623.
[12] Lusheng Wang & Tao Jiang (1994), “On the complexity of multiple sequence alignment”,
Journal of computational biology, Vol. 1, No.4, p.337–348.
[13] Yujie Fan &Yanfang Ye & Lifei Chen (2016), “Malicious sequential pattern mining for
automatic malware detection”, Expert Systems with Applications, Vol.52, pp.16–25.
[14] Iltaek Kwon & Eul Gyu Im (2017), “Extracting the representative api call patterns of
malware families using recurrent neural network”, In Proceedings of the International
Conference on Research in Adaptive and Convergent Systems, pp.202–207.
[15] Canfora, G., Mercaldo, F., & Visaggio, C. A. (2016). An hmm and structural entropy based
detector for android malware: An empirical study. Computers & Security, 61, 1-18.
[16] Salehi, Z., Sami, A., & Ghiasi, M. (2017). MAAR: Robust features to detect malicious
activity based on API calls, their arguments and return values. Engineering Applications of
Artificial Intelligence, 59, 93-102.
[17] Shijo, P. V., & Salim, A. (2015). Integrated static and dynamic analysis for malware
detection. Procedia Computer Science, 46, 804-811.
[18] Cuckoo Sandbox, Internet: https://cuckoosandbox.org/, 29.06.2018.
[19] Virustotal, Internet: https://www.virustotal.com/, 29.06.2018.
[20] Payam Refaeilzadeh & Lei Tang & Huan Liu (2009) “Cross-validation”, In Encyclopedia of
database systems, pp.532–538, Springer.
[21] A. Barthels, Behavior-based Malware Detection, Faculty of Informatics, The Technical
University of Munich, Master Thesis, 2009.
[22] Chand, C., Thakkar, A., & Ganatra, A. (2012). Sequential pattern mining: Survey and
current research challenges. International Journal of Soft Computing and Engineering, 2(1), 185-
193.
[23] Parikh, M., Chaudhari, B., & Chand, C. (2013). A comparative study of sequential pattern
mining algorithms. International Journal of Application or Innovation in Engineering &
Management (IJAIEM), 2(2).
[24] Mooney, C. H., & Roddick, J. F. (2013). Sequential pattern mining--approaches and
algorithms. ACM Computing Surveys (CSUR), 45(2), 19.
[25] Ramakrishnan Srikant & Rakesh Agrawal (1996), “Mining sequential patterns:
Generalizations and performance improvements”, In International Conference on Extending
Database Technology, pp.1–17, Springer.
[26] Jay Ayres & Jason Flannick & Johannes Gehrke & Tomi Yiu (2002) “Sequential pattern
mining using a bitmap representation”, In Proceedings of the eighth ACM SIGKDD international
conference on Knowledge discovery and data mining, pp.429–435.
[27] Mohammed J Zaki. Spade (2001) “An efficient algorithm for mining frequent sequences.
Machine learning”, Vol.42, No.1-2, pp.31–60.
[28] Philippe Fournier-Viger &Antonio Gomariz & Ted Gueniche &Azadeh Soltani & Cheng-
Wei Wu & Vincent S Tseng (2014) “Spmf: a java open-source pattern mining library”, The
Journal of Machine Learning Research, Vol.15, No.1, pp.3389–3393.
[29] SPMF library, Internet: http://www.philippe-fournier-viger.com/spmf/, 29.06.2018.
[30] Philippe Fournier-Viger & Antonio Gomariz & Manuel Campos & Rincy Thomas (2014)
“Fast vertical mining of sequential patterns using co-occurrence information”, In Pacific-Asia
Conference on Knowledge Discovery and Data Mining, pp.40–52, Springer.
[31] Gandotra, E., Bansal, D., & Sofat, S. (2014). Malware analysis and classification: A survey.
Journal of Information Security, 5(02), 56.
[32] Leo Breiman (2001) “Random forests”, Machine learning, Vol.45, No.1, pp.5–32.
[33] Padraig Cunningham & Sarah Jane Delany (2007) “k-nearest neighbour classifiers”,
Multiple Classifier Systems, Vol.34, pp.1–17.
[34] Marti A. Hearst & Susan T Dumais & Edgar Osuna & John Platt & Bernhard Scholkopf
(1998), “Support vector machines”, IEEE Intelligent Systems and their applications, Vol. 13,
No.4, pp.18–28.
[35] Fabian Pedregosa & Gaël Varoquaux &Alexandre Gramfort & Vincent Michel & Bertrand
Thirion & Olivier Grisel & Mathieu Blondel & Peter Prettenhofer &Ron Weiss &Vincent
Dubourg (2011) “Scikit-learn: Machine learning in python”, Journal of machine learning
research, Vol. 12, pp.2825–2830.
[36] Hossin, M., & Sulaiman, M. N. (2015). A review on evaluation metrics for data
classification evaluations. International Journal of Data Mining & Knowledge Management
Process, 5(2), 1.
[37] Yiming Yang (1999) “An evaluation of statistical approaches to text categorization”,
Information retrieval, Vol.1, No. 1-2, pp.69–90.
[38] Thomas G Dietterich (1998), “Approximate statistical tests for comparing supervised
classification learning algorithms”, Neural computation, Vol.10, No.7, pp.1895–1923.
AUTHORS
Abdurrahman Pektaş received his B.Sc. and M.Sc. at Galatasaray University
and his PhD at the University of Joseph Fourier, all in computer engineering, in
2009, 2012 and 2015, respectively. He is a senior researcher at Galatasaray
University. His research interests are analysis, detection and classification of
malicious software, machine learning and security analysis tool development.
Elif Nurdan Pektaş received her B.Sc. and M.Sc. at Galatasaray University, both
in computer engineering, in 2010 and 2014, respectively. She is a leading
software developer at Siemens Turkey. Her research interests are developing
IoT-based applications, deep learning, cloud-based applications and automated
testing.
Tankut Acarman received his Ph.D. degree in Electrical and Computer
Engineering from the Ohio State University in 2002. He is a professor and head of
the computer engineering department at Galatasaray University in Istanbul, Turkey.
His research interests lie along all aspects of autonomous systems, intelligent
vehicle technologies and security. He is the co-author of the book entitled
“Autonomous Ground.
PLEDGE: A POLICY-BASED SECURITY PROTOCOL FOR PROTECTING
CONTENT ADDRESSABLE STORAGE ARCHITECTURES
Wassim Itani, Ayman Kayssi, Ali Chehab
Department of Electrical and Computer Engineering
American University of Beirut
Beirut 1107 2020, Lebanon
ABSTRACT
In this paper we present PLEDGE, an efficient and scalable security ProtocoL for protecting
fixed-content objects in contEnt aDdressable storaGe (CAS) architEctures. PLEDGE follows an
end-to-end policy-driven security approach to secure the confidentiality, integrity, and
authenticity of fixed-content entities over the enterprise network links and in the nodes of the
CAS device. It utilizes a customizable and configurable extensible mark-up language (XML)
security policy to provide flexible, multi-level, and fine-grained encryption and hashing
methodologies to fixed-content CAS entities. PLEDGE secures data objects based on their
content and sensitivity and substantially outperforms bulk and raw encryption
protocols such as the Secure Socket Layer (SSL) and the Transport Layer Security (TLS)
protocols. Moreover, PLEDGE transparently stores sensitive objects encrypted (partially or
totally) in the CAS storage nodes without affecting the CAS storage system operation or
performance and takes into consideration the processing load, computing power, and memory
capabilities of the client devices which may be constrained by limited processing power, memory
resources, or network connectivity. PLEDGE complies with regulations such as the Health
Insurance Portability and Accountability Act (HIPAA) requirements and the SEC Rule 17a-4
financial standards. The protocol is implemented in a real CAS network using an EMC Centera
backend storage device. The application secured by PLEDGE in the sample implementation is an
X-Ray radiography scanning system in a healthcare network environment. The experimental test
bed implementation conducted shows a speedup factor of three over raw encryption security
mechanisms.
KEYWORDS
Security, Content-addressable storage security, Policy-driven security, Customizable security.
For More Details : http://airccse.org/journal/nsa/1010s8.pdf
Volume Link : http://airccse.org/journal/jnsa10_current.html
REFERENCES
[1] W. Itani, A. Kayssi, A. Chehab, “An efficient and scalable Security ProtocoL for protecting
fixedContent Objects in ContEnt aDdressable StoraGe architectures”, in Proc. of the Third
International Conference on Security and Privacy in Communication Networks, Nice,
France, Sept, 2007.
[2] A. Freier, P. Karlton, P. Kocher, “The SSL Protocol Version 3.0, ” Internet-Draft, 1996.
[3] T. Dierks, C. Allen, “The TLS Protocol – Version 1.0, ” RFC 2246, 1999.
[4] EMC Centera homepage: http://www.emc.com/products/family/emc-centera-family.htm,
accessed Jan. 14, 2008.
[5] Health Insurance Portability & Accountability Act homepage: http://www.hipaa.org,
accessed Jan. 14, 2008.
[6] SEC 17 CFR Part 240, Release No. 34-38245, “Reporting Requirements for Broker Dealers
Under the Security Exchange Act of 1934,” January 1997, http://www.sec.gov/rules/final/34-
38245.txt, accessed Jan. 14, 2008.
[7] J. Daemen and V. Rijmen, “Rijndael, the advanced encryption standard,” Dr. Dobb's Journal,
vol. 26, no. 3, March 2001, pp. 137 - 139.
[8] National Institute of Standards and Technology, August 2002, Secure Hash Standard, Federal
Information Processing Standards, Publication 180-2,
http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf, accessed Jan.
14, 2008.
[9] Y. Zheng, J. Pieprzyk, J. Seberry, “HAVAL--A One-Way Hashing Algorithm with Variable
Length of Output,” in Proc. Workshop on the Theory and Application of Cryptographic
Techniques: Advances in Cryptology, pp. 83-104, 1992.
[10] R. Rivest, “The MD5 Message-Digest Algorithm,” RFC 1321, 1992.
[11] W. Itani, A. Kayssi, “J2ME End-to-End Security for M-Commerce,” in Proc IEEE
Wireless Communications and Networking Conference, 2003.
[12] W. Itani, A. Kayssi, “SPECSA: a Scalable, Policy-driven, Extensible, and Customizable
Security Architecture for Wireless Enterprise Applications,” Computer Communications,
vol. 27, no. 18, December 2004, pp. 1825 - 1839.
[13] W. Itani, A. Kayssi, A. Chehab, “PATRIOT – a Policy-Based, Multi-level Security
Protocol for Safekeeping Audit Logs on Wireless Devices,” in Proc. IEEE/CreateNet First
International Conference on Security and Privacy for Emerging Areas in Communication
Networks (SecureComm), Athens, Greece, 2005.
[14] W. Itani, A. Kayssi, A. Chehab, “An Enterprise Policy-Based Security Protocol for
Protecting Relational Database Network Objects,” in Proc. 2006 International Wireless
Communications and Mobile Computing Conference (IWCMC), Vancouver, Canada, 2006.
[15] T. Bray, J. Paoli, C. M. Sperberg-McQueen, E. Maler, F. Yergeau (September 2006),
“Extensible Markup Language (XML) 1.0”, World Wide Web Consortium,
http://www.w3.org/TR/2006/REC-xml20060816/, accessed Jan. 14, 2008.
[16] The Gramm-Leach-Bliley Website: http://banking.senate.gov/conf/, accessed Jan. 14,
2008.
[17] J. Kubiatowicz, D. Bindel, Y. Chen, S. Czerwinski, P. Eaton, D. Geels, R. Gummadi, S.
Rhea, H. Weatherspoon, C. Wells and B. Zhao, “OceanStore: an Architecture for Global-
Scale Persistent Storage,” in Proc. Ninth International Conference on Architectural Support
for Programming Languages and Operating Systems, pp. 190 - 201, November 2000,
Cambridge, Massachusetts, United States.
[18] H. Cheng, X. Li, “Partial Encryption of Compressed Images and Videos,” IEEE
Transactions on Signal Processing, vol. 48, no. 8, pp. 2439-2451, August 2000.
[19] M. Van Droogenbroeck, R. Benedett, “Techniques for a Selective Encryption of
Uncompressed and Compressed Images,” in Proc. Advanced Concepts for Intelligent Vision
Systems, pp. 90 - 97, Ghent University, Belgium, September 2002.
[20] R. Pfarrhofer and A. Uhl, “Selective Image Encryption using JBIG,” Lecture Notes in
Computer Science, pp. 98-107, 2005.
[21] S. Lian, J. Sun, D. Zhang, Z. Wang, “A Selective Image Encryption Scheme Based on
JPEG2000 Codec,” Lecture Notes in Computer Science, vol. 3332, pp. 65 - 72, 2004.
[22] X. Lu and A. Eskicioglu, “Selective Encryption of Multimedia Content in Distribution
Networks: Challenges and New Directions,” in Proc. IASTED International Conference on
Communications, Internet and Information Technology (CIIT 2003), Scottsdale, AZ, USA,
November 2003.
[23] A. Pommer and A. Uhl, “Application Scenarios for Selective Encryption of Visual Data,”
in Proc. Multimedia and Security Workshop, ACM Multimedia, pp. 71 - 74, Juan-les-Pins,
France, December 2002.
[24] A. Pommer and A. Uhl, “Selective Encryption of Wavelet-Packet Encoded Image Data
Efficiency and Security,” ACM Multimedia Systems, Special issue on Multimedia Security,
pp. 279 - 287, 2003.
[25] M. Van Droogenbroeck, “Partial Encryption of Images for Real-Time Applications,”
http://www.ulg.ac.be/telecom/publi/publications/mvd/Vandroogenbroeck2004Partial.pdf,
2004, accessed Jan. 14, 2008.
[26] S. Lakshmanan, M. Ahamad, and H. Venkateswaran, Responsive Security for Stored
Data, IEEE Transactions on Parallel and Distributed Systems, vol. 14, no. 9, September
2003.
[27] L. Wang, Y. Nie, W. Nie, and L. Jiao, “Artificial Immune Strategies Improve the
Security of Data Storage”, in Proc. ICNC 2005, LNCS 3611, pp. 839 – 848, 2005.
[28] S. Morgan, L. Russell and B. Reed, Security Method and System for Persistent Storage
and Communications on Computer Network Systems and Computer Network Systems
Employing the Same, International Business Machines Corporation, Patent number:
6816970, Nov 9, 2004.
[29] B. Iyer, S. Mehrotra, E. Mykletun, G. Tsudik, and Y. Wu, “A Framework for Efficient
Storage Security in RDBMS,” in Proc. Seventh Int’l Conf. Extending Database Technology
(EDBT 2004), Mar. 2004
[30] J. D. Strunk, G. R. Goodson, M. L. Scheinholtz, C. A. N. Soules, and G. R. Ganger, Self-
Securing Storage: Protecting Data in Compromised Systems, in Proc. 2000 Symposium on
Operating Systems Design and Implementation (OSDI), October 2000.
[31] W. Diffie, P.C. van Oorschot, and M.J. Wiener, “Authentication and authenticated key
exchanges”, Designs, Codes and Cryptography 2 (1992), 107-125.
PERFORMANCE EVALUATION OF MACHINE LEARNING TECHNIQUES FOR DOS
DETECTION IN WIRELESS SENSOR NETWORK
Lama Alsulaiman and Saad Al-Ahmadi
Department of Computer Science, King Saud University, Riyadh, Saudi Arabia
ABSTRACT
The nature of Wireless Sensor Networks (WSNs) and their widespread use introduce
many security threats and attacks. An effective Intrusion Detection System (IDS) should be used
to detect attacks. Detecting such attacks is challenging, especially the detection of Denial of
Service (DoS) attacks. Machine learning classification techniques have been used as an approach
for DoS detection. This paper conducted an experiment using the Waikato Environment for
Knowledge Analysis (WEKA) to evaluate the efficiency of five machine learning algorithms for
detecting flooding, grayhole, blackhole, and scheduling DoS attacks in WSNs. The evaluation
is based on a dataset, called WSN-DS. The results showed that the random forest classifier
outperforms the other classifiers with an accuracy of 99.72%.
KEYWORDS
Wireless Sensor Networks, Machine Learning, Denial of Service
For More Details : https://aircconline.com/ijnsa/V13N2/13221ijnsa02.pdf
Volume Link : http://airccse.org/journal/jnsa21_current.html
REFERENCES
[1] N. A. A. Aziz and K. A. Aziz, “Managing disaster with wireless sensor networks,” in
International Conference on Advanced Communication Technology, ICACT, 2011, pp.
202–207.
[2] I. Almomani, B. Al-Kasasbeh, and M. Al-Akhras, “WSN-DS: A Dataset for Intrusion
Detection Systems in Wireless Sensor Networks,” J. Sensors, vol. 2016, 2016, doi:
10.1155/2016/4731953.
[3] M. A. Alsheikh, S. Lin, D. Niyato, and H. P. Tan, “Machine learning in wireless sensor
networks: Algorithms, strategies, and applications,” IEEE Commun. Surv. Tutorials, 2014,
doi: 10.1109/COMST.2014.2320099.
[4] S. Gunduz, B. Arslan, and M. Demirci, “A review of machine learning solutions to denial-
of-services attacks in wireless sensor networks,” in Proceedings - 2015 IEEE 14th
International Conference on Machine Learning and Applications, ICMLA 2015, 2016, pp.
150–155, doi: 10.1109/ICMLA.2015.202.
[5] M. C. Belavagi and B. Muniyal, “Performance Evaluation of Supervised Machine Learning
Algorithms for Intrusion Detection,” in Procedia Computer Science, 2016, vol. 89, pp. 117–
123, doi: 10.1016/j.procs.2016.06.016.
[6] G. Pachauri and S. Sharma, “Anomaly Detection in Medical Wireless Sensor Networks
using Machine Learning Algorithms,” in Procedia Computer Science, 2015, vol. 70, pp.
325–333, doi: 10.1016/j.procs.2015.10.026.
[7] L. Almon, M. Riecker, and M. Hollick, “Lightweight Detection of Denial-of-Service
Attacks on Wireless Sensor Networks Revisited,” in Proceedings - Conference on Local
Computer Networks, LCN, 2017, vol. 2017-October, pp. 444–452, doi:
10.1109/LCN.2017.110.
[8] P. Nancy, S. Muthurajkumar, S. Ganapathy, S. V. N. Santhosh Kumar, M. Selvi, and K.
Arputharaj, “Intrusion detection using dynamic feature selection and fuzzy temporal
decision tree classification for wireless sensor networks,” IET Commun., 2020, doi:
10.1049/iet-com.2019.0172.
[9] V. T. Alaparthy and S. D. Morgera, “A Multi-Level Intrusion Detection System for Wireless
Sensor Networks Based on Immune Theory,” IEEE Access, 2018, doi:
10.1109/ACCESS.2018.2866962.
[10] R. Vinayakumar, M. Alazab, K. P. Soman, P. Poornachandran, A. Al-Nemrat, and S.
Venkatraman, “Deep Learning Approach for Intelligent Intrusion Detection System,” IEEE
Access, 2019, doi: 10.1109/ACCESS.2019.2895334.
[11] B. Riyaz and S. Ganapathy, “A deep learning approach for effective intrusion detection in
wireless networks using CNN,” Soft Comput., vol. 24, no. 22, pp. 17265–17278, 2020, doi:
10.1007/s00500-020-05017-0.
[12] C. Ioannou, V. Vassiliou, and C. Sergiou, “An Intrusion Detection System for Wireless
Sensor Networks,” 2017, doi: 10.1109/ICT.2017.7998271.
[13] O. A. Osanaiye, A. S. Alfa, and G. P. Hancke, “Denial of Service Defence for Resource
Availability in Wireless Sensor Networks,” IEEE Access. 2018, doi:
10.1109/ACCESS.2018.2793841.
[14] I. H. Witten, E. Frank, M. A. Hall, and C. J. Pal, Data Mining: Practical Machine Learning
Tools and Techniques. 2016.
[15] A. D. Wood and J. A. Stankovic, “Denial of service in sensor networks,” Computer (Long.
Beach. Calif)., vol. 35, no. 10, pp. 54–62, 2002, doi: 10.1109/MC.2002.1039518.
[16] G. Holmes, A. Donkin, and I. H. Witten, “WEKA: A machine learning workbench,” 1994,
doi: 10.1109/anziis.1994.396988.
APPLYING THE HEALTH BELIEF MODEL TO CARDIAC IMPLANTED MEDICAL DEVICE
PATIENTS
George W. Jackson1 and Shawon Rahman2
1 College of Business and Technology, Capella University, Minneapolis, USA
2 Professor, Dept. of Computer Science & Engineering, University of Hawaii-Hilo,
200 W. Kawili Street, Hilo, HI 96720, USA
ABSTRACT
Wireless Implanted Medical Devices (WIMD) are helping millions of users experience a better
quality of life. Because of their many benefits, these devices are experiencing dramatic growth in
usage, application, and complexity. However, this rapid growth has precipitated an equally rapid
growth of cybersecurity risks and threats. While it is apparent from the literature that WIMD
cybersecurity is a shared responsibility among manufacturers, healthcare providers, and patients,
what has not been explained is what role patients should play in WIMD cybersecurity and how
patients should be empowered to assume this role. The health belief model (HBM) was applied as the theoretical
framework for a multiple case study which examined the question: How are the cybersecurity
risks and threats related to wireless implanted medical devices being communicated to patients
who have or will have these devices implanted in their bodies? The subjects of this multiple case
study were sixteen cardiac device specialists in the U.S., each possessing at least one year of
experience working directly with cardiac implanted medical device (CIMD) patients, who
actively used cardiac device home monitoring systems. The HBM provides a systematic
framework suitable for the proposed research. Because of its six-decade history of validity and
its extraordinary versatility, the health belief model, more efficiently than any other model
considered, provides a context for understanding and interpreting the results of this study. Thus,
the theoretical contribution of this research is to apply the HBM in a setting where it has never
been applied before, WIMD patient cybersecurity awareness. This analysis (using a multiple case
study) will demonstrate how the HBM can assist the health practitioners, regulators,
manufacturers, security practitioners, and the research community in better understanding the
factors, which support WIMD patient cybersecurity awareness and subsequent adherence to
cybersecurity best practices.
KEYWORDS
Health Belief Model, Healthcare Cybersecurity, Cardiac Implanted Device, Wireless Implanted
Medical Devices, WIMD, WIMD cybersecurity
For More Details : http://aircconline.com/ijnsa/V13N2/13221ijnsa03.pdf
Volume Link : http://airccse.org/journal/jnsa21_current.html
REFERENCES
[1] Lee, S. Hyun. & Kim Mi Na, (2008) “This is my paper”, ABC Transactions on ECE, Vol.
10,No. 5, pp120-122.
[2] Gizem, Aksahya & Ayese, Ozcan (2009) Communications & Networks, Network Books,
ABC Publishers.
[3] Williams, C. K., Wynn, D., Madupalli, R., Karahanna, E., & Duncan, B. K. (2014).
Explaining users' security behaviors with the security belief model. Journal of Organizational
and End User Computing, 26(3), 23-46.
[4] Ng, B. Y., Kankanhalli, A., & Xu, Y. C. (2009). Studying users' computer security behavior:
A health belief perspective. Decision Support Systems, 46(4), 815-825.
[5] Jung, E. E., Ho, E. Y., Chung, H., & Sinclair, M. (2015). Perceived risk and self-efficacy
regarding internet security in a marginalized community. Proceedings of the 33rd Annual
ACM Conference Extended Abstracts on Human Factors in Computing Systems, ACM,
1085-1090.
[6] Davinson, N., & Sillence, E. (2014). Using the health belief model to explore users'
perceptions of ‘being safe and secure’ in the world of technology-mediated financial
transactions. International Journal of Human-Computer Studies, 72(2), 154-168.
[7] Khan, B., Alghathbar, K. S., Nabi, S. I., & Khan, M. K. (2011). The effectiveness of
information security awareness methods based on psychological theories. African Journal of
Business Management, 5(26), 10862-10868.
[8] Marton, C., & Chun, W. C. (2012). A review of theoretical models of health information
seeking on the web. Journal of Documentation, 68(3), 330-352.
[9] Herath, T., & Rao, H. R. (2009). Protection motivation and deterrence: A framework for
security policy compliance in organizations. European Journal of Information Systems,
18(2), 106-125.
[10] Armitage, C. J., & Conner, M. (2000). Social cognition models and health behaviour: A
structured review. Psychology and health, 15(2), 173-189.
[11] Camara, C., Peris-Lopez, P., & Tapiador, J.E. (2015). Security and privacy issues in
implantable medical devices: A comprehensive survey. Journal of Biomedical Informatics,
55, 272-289.
[12] Denning, T., Borning, A., Friedman, B., Gill, B. T., Kohno, T., & Maisel, W. H. (2010).
Patients, pacemakers, and implantable defibrillators: Human values and security for wireless
implantable medical devices. Proceedings of the SIGCHI Conference on Human Factors in
Computing Systems, 917-926.
[13] Fu, K. (2009). Inside risks: Reducing risks of implantable medical devices. Communications
of the ACM, 52(6), 25-27.
[14] Fu, K., & Blum, J. (2013). Controlling for cybersecurity risks of medical device software.
Communications of the ACM, 56(10), 35-37
[15] Kotz, D. (2011). A threat taxonomy for mHealth privacy. Proceedings of Third International
Conference on Communication Systems and Network (COMSNETS), 1-6.
[16] Leavitt, N. (2010). Researchers fight to keep implanted medical devices safe from hackers.
Computer, 43(8), 11-14.
[17] Ray, A., Jones, P., & Zhang, Y. (2013). Medical device security-A new frontier. Biomedical
Instrumentation & Technology, 47(1), 72-72.
[18] Sametinger, J., Rozenblit, J., Lysecky, R., & Ott, P. (2015). Security Challenges for Medical
Devices. Communications of the ACM, 58(4), 74-82.
[19] Williams, P. A., & Woodward, A. J. (2015). Cybersecurity vulnerabilities in medical
devices: a complex environment and multifaceted problem. Medical Devices: Evidence and
Research, 8, 305–316.
[20] Middaugh, D. J. (2016). Do security flaws put your patients' health at risk? MedSurg
Nursing, 25(2), 131-133.
[21] Boulos, P., Sargolzaei, A., Ziaei, A., & Sargolzaei, S. (2016). Pacemakers: A Survey on
Development History, Cyber-Security Threats, and Countermeasures.
[22] Perakslis, E. D. (2014). Cybersecurity in health care. New England Journal of Medicine,
371(5), 395-397.
[23] Lyon, D. (2016). Making Trade-Offs for Safe, Effective, and Secure Patient Care. Journal of
Diabetes Science and Technology,
[24] Sansurooah, K. (2015). Security risks of medical devices in wireless environments.
[25] Appari, A., & Johnson, M. E. (2010). Information security and privacy in healthcare:
Current state of research. International Journal of Internet and management, 6(4), 279-314.
[26] Armstrong, D. G., Kleidermacher, D. N., Klonoff, D. C., & Slepian, M. J. (2015). Cyber
security regulation of wireless devices for performance and assurance in the age of
“medjacking”. Journal of Diabetes Science and Technology, 1-4.
[27] Garfinkel, S. L. (2012). The cybersecurity risk. Communications of the ACM, 55(6), 29-32.
[28] Klonoff, D. C. (2015). Cybersecurity for connected diabetes devices. Journal of diabetes
science and technology.
[29] Rushanan, M., Rubin, A. D., Kune, D. F., & Swanson, C. M. (2014). SoK: Security and
privacy in implantable medical devices and body area networks. Proceedings of IEEE
Security and Privacy 2014 Symposium, 524-539.
[30] Wirth, A. (2011). Cybercrimes pose growing threat to medical devices. Biomedical
Instrumentation & Technology, 45(1), 26-34.
[31] Hansen, J. A., & Hansen, N. M. (2010). A taxonomy of vulnerabilities in implantable
medical devices. In Proceedings of the Second Annual Workshop On Security and Privacy in
Medical and Home-Care Systems, 13-20/
[32] Murphy, S. (2015). Is cyber security possible in healthcare? National Cybersecurity Institute
Journal,1(3)49-63.
[33] Gupta, S. (2012). Implantable Medical Devices-Cyber Risks and Mitigation Approaches. In
Proceedings of the Cybersecurity in Cyber-Physical Workshop, The National Institute of
Standards and Technology (NIST), US.
[34] Ellouze, N., Rekhis, S., Boudriga, N., & Allouche, M. (2017). Cardiac Implantable Medical
Devices forensics: Postmortem analysis of lethal attacks scenarios. Digital Investigation, 21,
11- 30.
[35] Halperin, D., Heydt-Benjamin, T. S., Fu, K., Kohno, T., & Maisel, W. H. (2008). Security
and privacy for implantable medical devices. IEEE pervasive computing, 7(1), 30-39.
[36] Burleson, W., Clark, S. S., Ransford, B., & Fu, K. (2012, June). Design challenges for
secure implantable medical devices. In Proceedings of the 49th Annual Design Automation
Conference (pp. 12-17). ACM.
[37] Rostami, M., Burleson, W., Koushanfar, F., & Juels, A. (2013, May). Balancing security
and utility in medical devices? In Proceedings of the 50th Annual Design Automation
Conference (p. 13). ACM.
[38] Faizi, Salman and Rahman, Shawon;” Securing Cloud Computing Through IT
Governance”; International Journal of Information Technology in Industry (ITII), vol. 7,
no.1, 2019, Pages: 1-14
[39] Jackson, George and Rahman, Shawon; “Exploring Challenges and Opportunities in
Cybersecurity Risk and Threat Communications related to the Medical Internet of Things
(MIoT)”, International Journal of Network Security & Its Applications (IJNSA), Vol. 11,
No.4, July 2019.
[40] Loukaka, Alain and Rahman, Shawon; “Discovering New Cyber Protection Approaches
From a Security Professional Prospective”; International Journal of Computer Networks &
Communications (IJCNC) Vol.9, No.4, July 2017
[41] Al-Mamun, Abdullah, Rahman, Shawon and et al;“ Security Analysis of AES and
Enhancing its Security by Modifying S-Box with an Additional Byte ”; International Journal
of Computer Networks & Communications (IJCNC), Vol.9, No.2, March 2017
[42] Opala, Omondi John; Rahman, Shawon; and Alelaiwi, Abdulhameed; “The Influence of
Information Security on the Adoption of Cloud computing: An Exploratory Analysis”,
International Journal of Computer Networks & Communications (IJCNC), Vol.7, No.4, July
2015
[43] Faizi, Salman and Rahman, Shawon; “Secured Cloud for Enterprise Computing”; 34th
International Conference on Computers and Their Applications (CATA-2019), March 18-20,
2019, Waikiki Beach Marriott Resort & Spa, Honolulu, Hawaii, USA
[44] Faizi, Salman and Rahman, Shawon; “Choosing the Best-fit Lifecycle Framework while
Addressing Functionality and Security Issues”; 34th International Conference on Computers
and Their Applications (CATA-2019), March 18-20, 2019, Waikiki Beach Marriott Resort &
Spa, Honolulu, Hawaii, USA
[45] Schneider, Marvin and Rahman, Shawon “Protection Motivation Theory Factors that
Influence Undergraduates to Adopt Smartphone Security Measures ”; International Journal of
Information Technology in Industry (ITII), Vol 9, No 1 (2021)
INTERNAL SECURITY ON AN IDS BASED ON AGENTS
Rafael Páez, Mery Yolima Uribe, Miguel Torres
Pontificia Universidad Javeriana, Bogotá, Colombia
ABSTRACT
An Intrusion Detection System (IDS) can monitor different events that may occur in a
determined network or host, and which affect any network security service (confidentiality,
integrity, availability). Because of this, an IDS must be flexible and it must detect and trace each
alert without affecting the system's performance. On the other hand, agents in a Multi-Agent
system have inherent security problems due to their mobility; that’s why we propose some
techniques in order to provide internal security for the agents belonging to the system. The
deployed IDS works with a multiagent platform and each component inside the infrastructure is
verified using security techniques in order to provide integrity. Likewise, the agents can
specialize in order to carry out specific jobs, for example monitoring TCP, UDP traffic, etc. The
IDS can work without interfering in the system's performance. In this article we present a
hierarchical IDS deployment with internal security on a multiagent system, using a platform
named ESA with its processes, functions and results.
KEYWORDS
Mobile Agents, Multi-Agent Systems, Mobile Code, Security Techniques, Intrusion Detection
System.
For More Details : http://airccse.org/journal/nsa/5413nsa10.pdf
Volume Link : http://airccse.org/journal/jnsa13_current.html
REFERENCES
[17] L. J. LaPadula and D. E. Bell. Secure computer system: A mathematical model. Technical
Report ESD-TR-278, vol.2, The Mitre Corp., 1973.
[18] R. Páez, M. Torres. “Laocoonte: An Agent Based Intrusion Detection System”. International
symposium on Collaborative Technologies and systems, COLSEC09, ISBN: 978-1-4244-
4585-1 May 18-22, 2009. Baltimore, Maryland-EEUU.
[19] H.S. Nwana., Software Agents: An Overview, Knowledge Engineering Review, 11(3),1996,
1-40.
[20] R. Paez, J. Tomas-Buliart, J. Forne, M. Soriano (2008). “Securing Agents against Malicious
Host in an Intrusion Detection System”. LNCS, 5141:94-105. ISSN: 0302-9743
[21] Ghorbani Ali A., Lu Wei, Tavallaee Mahbod; ISBN 978-0-387-88770-8, e-ISBN 978-0-
387-88771-5, DOI 10.1007/978-0-387-88771-5. Springer New York Dordrecht Heidelberg,
London. 2010.
[22] Frederick and K. Kent, “Network intrusion detection signatures,”. Available:
http://www.securityfocus.com/infocus/1524
[23] I. DARPA, “The common intrusion detection framework (CIDF)”. 1999. Available:
http://gost.isi.edu/cidf/
[24] A. Wierzbicki, J. Kalinski, and T. Kruszona, “Common Intrusion Detection Signatures,
standard (CIDSS)”. 2008. Available: http://tools.ietf.org/html/draft-wierzbicki-cidss-05
[25] “CIDSS: XML Schema” Available: http://xml.coverpages.org/appSecurity.html#cidss
[26] Sourcefire, “Snort”. 2010. Available: http://www.snort.org/
[27] Alfon, “Sistemas de detección de intrusos y SNORT”. 2008. Available:
http://seguridadyredes.nireblog.com/post/2008/01/23/sistemas-de-deteccion-de-intrusos-y-
snort-iicreacion-de-reglas-ii-opciones-de-las-reglas
[28] D. Ferraiolo, D. R. Kuhn, and R. Chandramouli, Role Based Access Control,
2003.Available:
http://books.google.com.co/books?id=48AeIhQLWckC&printsec=frontcover&source=gbs_
slider_thumb#v=onepage&q&f=false
[29] RedHat, “The Bell-La Padula model (BLP)”. 2008. Available:
http://docs.redhat.com/docs/esES/index.html
[30] V. GUARD, “Control de acceso basado en roles”. Available:
http://www.visualguard.com/download/VisualGuard-Detailed-Features-SP.pdf
[31] Sánchez, M.; Jiménez, B.; Gutiérrez, F. L., Paderewski, P; Isla, J. L. "Modelo de control de
acceso en un sistema colaborativo". Actas VII Congreso Internacional de Interacción
Persona-Ordenador. pp: 227 - 237 (2006)
[32] E. Ruiz, A. Rivera, D. Quintero, and E. Hernández., “Seguridad y protección en sistemas
operativos - políticas de seguridad”. 2009. Available:
http://www.seguridadso.netai.net/index.php?option=com_content&view=article&id=53&Ite
mid=65
[33] E. Gonzalez, C. Bustacara, J. P. Garzon, M. Torres, and D. Ahogado, Desarrollo de
aplicaciones basadas en sistemas multiagentes, editorial Javeriana, Ed., 2007, no. 978-958-
683-871-4.
[34] K. Fujii, “Jpcap.”. Available: http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/
[35] A. Párrizas, “Propuesta de una arquitectura de sistemas de detección de intrusos con
correlación,” Ph.D. dissertation, Universidad de Valencia, Escola Técnica Superior de
Enginyeria, Valencia, 2005.
[36] L. Coppolino, S. DAntonio, M. Esposito, and L. Romano, “Exploiting diversity and
correlation to improve the performance of intrusion detection systems”. 2009.
[37] F. Valeur, G. Vigna, C. Kruegel, and R. Kemmerer, “A comprehensive approach to
intrusion detection alert correlation”. IEEE Transactions on dependable and secure
computing, 2004: pp. 146-169.
[38] Steeb, Willi-Hans, Solms Fritz. “C++ programming with applications in administration,
finance, and statistics”. World Scientific Publishing Co, Pte. Ltd. ISBN: 981-02-4066-X.
2000.
[39] J. Hunter, “Jdom”. Available: http://www.jdom.org
[40] http://www.backtrack-linux.org/
[41] R. Páez, C. Satizábal, and J. Forné, “A performance model to cooperative itinerant agents
(CIA): A Security Scheme to IDS,” in Second International Conference on Availability,
Reliability and Security. IEEE Computer Society, 2007.
[42] JADE, Java Agent Development Framework. Available: http://jade.tilab.com/

May 2021: Top 10 Read Articles in Network Security and Its Applications

  • 1.
    May 2021: Top10 Read Articles in Network Security and Its Applications International Journal of Network Security & Its Applications (IJNSA) http://airccse.org/journal/ijnsa.html ISSN: 0974 - 9330 (Online); 0975 - 2307 (Print)
  • 2.
    SECURITY & PRIVACYTHREATS, ATTACKS AND COUNTERMEASURES IN INTERNET OF THINGS Faheem Masoodi1 Shadab Alam2 and Shams Tabrez Siddiqui2 1 Department of Computer Science, University of Kashmir, J&k, India 2 Department of Computer Science, Jazan University, KSA ABSTRACT The idea to connect everything to anything and at any point of time is what vaguely defines the concept of the Internet of Things (IoT). The IoT is not only about providing connectivity but also facilitating interaction among these connected things. Though the term IoT was introduced in 1999 but has drawn significant attention during the past few years, the pace at which new devices are being integrated into the system will profoundly impact the world in a good way but also poses some severe queries about security and privacy. IoT in its current form is susceptible to a multitudinous set of attacks. One of the most significant concerns of IoT is to provide security assurance for the data exchange because data is vulnerable to some attacks by the attackers at each layer of IoT. The IoT has a layered structure where each layer provides a service. The security needs vary from layer to layer as each layer serves a different purpose. This paper aims to analyze the various security and privacy threats related to IoT. Some attacks have been discussed along with some existing and proposed countermeasures. KEYWORDS Internet of Things, privacy, attacks, security, threats, protocols. For More Details : http://aircconline.com/ijnsa/V11N2/11219ijnsa05.pdf Volume Link : http://airccse.org/journal/jnsa19_current.html
  • 3.
    REFERENCES [1] J. Gubbi,R. Buyya, S. Marusic, M. Palaniswami, Internet of things (IoT): a vision, architectural elements, and future directions, Future Gener. Comput. Syst. 29 (7) (2013) 1645– 1660. [2] Roman, R., Najera, P., Lopez, J., 2011. Securing the internet of things. Computer 44 (9), 51_58. [3] Horrow, S., and Anjali, S. (2012). Identity Management Framework for Cloud-Based Internet of Things. SecurIT ’12 Proceedings of the First International Conference on Security of Internet of Things, 200– 203. 2012 [4] Whitmore, A., Agarwal, A., and Da Xu, L. (2014). The Internet of Things: A survey of topics and trends. Information Systems Frontiers, 17(2), 261– 274. [5] Aazam, M., St-Hilaire, M., Lung, C.-H., and Lambadaris, I. (2016). PRE-Fog: IoT trace based probabilistic resource estimation at Fog. 2016 13th IEEE Annual Consumer Communications and Networking Conference (CCNC), 12– 17. [6] Jiang, H., Shen, F., Chen, S., Li, K. C., and Jeong, Y. S. (2015). A secure and scalable storage system for aggregate data in IoT. Future Generation Computer Systems, 49, 133– 141. [7] Li, S., Tryfonas, T., and Li, H. (2016). The Internet of Things: a security point of view. Internet Research, 26(2), 337– 359. [8] A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari, and M. Ayyash. Internet of things: A survey on enabling technologies, protocols, and applications. IEEE Communications Surveys Tutorials, 17(4):2347–2376, Fourth quarter 2015. [9] Pongle, P., and Chavan, G. (2015). A survey: Attacks on RPL and 6LoWPAN in IoT. 2015 International Conference on Pervasive Computing: Advance Communication Technology and Application for Society, ICPC 2015, 0(c), 0–5. [10] Tsai, C.-W., Lai, C.-F., and Vasilakos, A. V. (2014). Future Internet of Things: open issues and challenges. Wireless Networks, 20(8), 2201–2217. [11] V. Karagiannis, P. Chatzimisios, F. Vazquez-Gallego, and J. 
Alonso-Zarate, "A survey on application layer protocols for the internet of things," Transaction on IoT and Cloud Computing, vol. 3, no. 1, pp. 11-17, 2015 [12] D. Locke, "MQ telemetry transport (MQTT) v3. 1 protocol specification," IBM Developer WorksTechnicalLibrary,2010, http://www.ibm.com/developerworks/webservices/library/wsmqtt/index.html
  • 4.
    [13] M. Singh,M. Rajan, V. Shivraj, and P. Balamuralidhar, "Secure MQTT for the Internet of Things (IoT)," in Fifth International Conference on Communication Systems and Network Technologies (CSNT 2015), April 2015, pp. 746-751. [14] OASIS, "OASIS Advanced Message Queuing Protocol (AMQP) Version 1.0," 2012, http://docs.oasis-open.org/amqp/core/v1.0/os/amqp-core-complete-v1.0-os.pdf [15] T. Winter, et al., "RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks," IETF RFC 6550, Mar. 2012, http://www.ietf.org/rfc/rfc6550.txt [16] A. Aijaz and A. Aghvami, "Cognitive machine-to-machine communications for internet-of- things: A protocol stack perspective," IEEE Internet of Things Journal, vol. 2, no. 2, pp. 103-112, April 2015, [17] http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=7006643 [18] Z. Zhou, B. Yao, R. Xing, L. Shu, and S. Bu, "E-CARP: An energy-efficient routing protocol for UWSNs on the internet of underwater things," IEEE Sensors Journal, vol. PP, no. 99, 2015, http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7113774 [19] D. Dujovne, T. Watteyne, X. Vilajosana, and P. Thubert, "6TiSCH: Deterministic IP- enabled industrial internet (of things)," IEEE Communications Magazine, vol. 52, no.12, pp. 36- 41, December 2014, http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6979984 [20] M. Hasan, E. Hossain, D. Niyato, "Random access for machine-to-machine communication in LTEadvanced networks: issues and approaches," in IEEE Communications Magazine, vol. 51, no. 6, pp.86-93, June 2013, http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=6525600 [21] Z-Wave, "Z-Wave Protocol Overview," v. 4, May 2007, https://wiki.ase.tut.fi/courseWiki/imges/9/94/SDS10243_2_Z_Wave_Protocol_Overview.pdf [22] ZigBee Standards Organization, “ZigBee Specification,” Document 053474r17, Jan 2008, 604 pp., http://home.deib.polimi.it/cesana/teaching/IoT/papers/ZigBee/ZigBeeSpec.pdf [23] O. Cetinkaya and O. 
Akan, "A dash7-based power metering system," in 12th Annual IEEE Consumer Communications and Networking Conference (CCNC), Jan 2015, pp. 406-411, http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=7158010 [24] Zhang, Zhi-Kai, et al. ”IoT security: ongoing challenges and research opportunities.” ServiceOriented Computing and Applications (SOCA), 2014 IEEE 7th International Conference on. IEEE, 2014. [28] D. Migault, D. Palomares, E. Herbert, W. You, G. Ganne, G. Arfaoui, and M. Laurent, “E2E: An Optimized IPsec Architecture for Secure And Fast Offload,” in Seventh International Conference on Availability, Reliability and Security E2E: 2012.
  • 5.
    [26] Abomhara, Mohamed,and Geir M. Køien. ”Security and privacy in the Internet of Things: Current status and open issues.” Privacy and Security in Mobile Systems (PRISMS), 2014 International Conference on. IEEE, 2014. [27] B. L. Suto, “Analyzing the Accuracy and Time Costs of Web Application Security Scanners,” San Fr., no. October 2007, 2010. [28] O. El Mouaatamid, M. LahmerInternet of Things security: layered classification of attacks and possible countermeasures Electron J (9) (2016). [29] Seda F. Gürses/Bettina Berendt/Thomas Santen, Multilateral Security Requirements Analysis for Preserving Privacy in Ubiquitous Environments, in Bettina Berendt/Ernestina Menasalvas (eds), Workshop on Ubiquitous Knowledge Discovery for Users (UKDU '06), at 51– 64; [30] Stankovic, J. (2014). Research directions for the internet of things. IEEE Internet of Things Journal, 1(1), 3–9 [31] Sicari, Sabrina, et al. "Security, privacy and trust in the Internet of Things: The road ahead." Computer Networks76 (2015): 146-164. [32]https://www.cso.com.au/article/575407/internet-things-iot-threats-countermeasures/ Accessed on 15-03-2019 [33] Bokhari, Mohammad Ubaidullah, and Faheem Masoodi. "Comparative analysis of structures and attacks on various stream ciphers." Proceedings of the 4th National Conference. 2010.
  • 6.
    PHISHING MITIGATION TECHNIQUES:A LITERATURE SURVEY Wosah Peace Nmachi and Thomas Win School of Computing & Engineering University of Gloucestershire, Park Campus, Cheltenham GL50 2RH United Kingdom ABSTRACT Email is a channel of communication which is considered to be a confidential medium of communication for exchange of information among individuals and organisations. The confidentiality consideration about e-mail is no longer the case as attackers send malicious emails to users to deceive them into disclosing their private personal information such as username, password, and bank card details, etc. In search of a solution to combat phishing cybercrime attacks, different approaches have been developed. However, the traditional exiting solutions have been limited in assisting email users to identify phishing emails from legitimate ones. This paper reveals the different email and website phishing solutions in phishing attack detection. It first provides a literature analysis of different existing phishing mitigation approaches. It then provides a discussion on the limitations of the techniques, before concluding with an explorationin to how phishing detection can be improved. KEYWORDS Cyber-security, Phishing Email Attack, Deep Learning, Stylometric Analysis, Cyber Human Behaviour For More Details : https://aircconline.com/ijnsa/V13N2/13221ijnsa05.pdf Volume Link : http://airccse.org/journal/jnsa21_current.html
  • 7.
    REFERENCES [1] Leite C.,Gondim J. J. C., Barreto P. S., and Alchieri E. A., (2019). Waste flooding: A phishing retaliation tool [2] Xiujuan W., Chenxi Z., Kangfeng Z., Haoyang T., &Yuanrui T.(2019)detecting spear- phishing emails based on authentication [3] Duman S, Kalkan-Cakmakci K, Egele M. (2016)EmailProfiler: Spear phishing filtering with header and stylometric features of emails. [4] Calix K., Connors M., Levy D., Manzar H., McCabe G., & Westcott S. (2008). Stylometry for E-mail author identification and authentication [5] Gupta B. B., Arachchilage N A.G., &Psannis K. E. (2018).Defending against phishing attacks: taxonomy of methods, current issues and future direction [6] Dewan P, Kashyap A, &Kumaraguru P. (2014). Analysingsocial and stylometric features to identify spear phishing emails [7] AbahussainO. &Harrath Y. (2019). Detection of malicious emails through regular expressions and databases [8] Helmi R. A. A., Ren C. S.&Jamal A. (2019). Email anti-phishing detection application [9] Asanka N. G.A.,Steve L.&Beznosov K. (2016) Phishing threat avoidance behaviour: An empirical investigation [10] Mohammad R., Thabtah F. & McCluskey L. (2015): Tutorial and critical analysis of phishing websites methods [11] Heartfield Ryan& George Loukas, (2018) Detecting semantic social engineering attacks with the weakest link: Implementation and empirical evaluation of a human-as-a-security- sensor framework [12] Baniya T., Gautam D.& Kim Y. (2015). Safeguarding web surfing with URL blacklisting [13] Canova G., Volkamer M., Bergmann C., &Borza R. (2014). NoPhish: An anti-phishing education app [14] Bottazzi G., Casalicchio E., Marturana F., &Piu M. (2015). MP-shield: A framework for phishing detection in mobile devices. [15] Li, J., Li, J., Chen, X., Jia, C., & Lou, W. (2015) Identity-based encryption without sourced revocation incloud computing
  • 8.
    [16] Qabajeh I.,ThabtahF.,&Chiclana F. (2018) A recent review of conventional vs. automated cybersecurity anti-phishing techniques [17] Lötter Andrés.&Futcher Lynn, (2015) A framework to Assist Email Users in the Identification of Phishing Attacks [18] Gascon H., Ullrich S., Stritter B. &Rieck K. (2018) Reading between the lines: content- agnostic detection of spear-phishing emails [19] Smadi S., Aslam N., & Zhang L. (2018). Detection of online phishing email using dynamic evolving neural network based on reinforcement learning [20] Chandrasekaran M., Narayanan K., andUpadhayayaS. (2006) Phishing e-mail detection based on structural properties. [21] Ghafir I., Saleem J., Hammoudeh M., Faour H., Prenosil V., Jaf S., Jabbar S. & Baker T. (2018). Security threats to critical infrastructure: the human factor [22] Khonji M, Iraqi Y& Jones A. (2011). Mitigation of spear phishing attacks: A Content- based Authorship Identification framework [23] Iqbal F, BinsalleehH&Fung B C M. (2010). Mining writeprints from anonymous e-mails for forensic investigation [24] Lyon, J.& Wong M. (2006). Sender ID: authenticating e-mail,” RFC 4406. [25] KunjuM.V., Esther D., Anthony H. C. &BhelwaS. (2019) Evaluation of phishing techniques based on machine learning [26] Peng T., Harris I., &Sawa Y. (2018).Detecting phishing attacks using natural language processing and machine learning [27] SahingozO.K.,Buber E., Demir O., &Diri B. (2019). Machine learning based phishing detection from URLs [28] Zhang, Y., Hong, J. I., &Cranor, L. F.(2007). Cantina: A content based approach to detecting phishing web sites. [29] Suganya V. (2016): A review on phishing attacks and various anti-phishing techniques [30] Abdelhamid N., Ayesh A. &Thabtah F. (2014) Phishing detection based associative classification data mining
  • 9.
    [31] SternfeldUri&Striem-Amit Yonatan.(2019) Prevention of rendezvous generation algorithm (RGA) and domain generation algorithm (DGA) malware over exiting internet services. [32] Akarsh S., Sriram S., &Poornachandran P.(2019) Deep learning framework for domain generation algorithms prediction using long short-term memory. [33] Bagui S., Nandi D.,Subhash B. & White J.R (2019) Classifying phishing email using machine learning and deep learning [34] Jain Kumar Ankit. & Gupta B.B. (2018). A machine learning based approach for phishing detection using hyperlinks information [35] Vinayakumar R., Soman K. P., Poornachandran P., Akarsh S. &Elhoseny M. (2019) Deep learning framework for cyber threat situational awareness based on email and url data analysis. [36] Park Gilchan and Rayz Julia (2018).Ontological detection of phishing emails [37] Surbhi G., Abhishek S.&Akanksha K. (2016). A literature survey on social engineering attacks: phishing attack [38] Jamil A., Asif K.& Ghulam Z. (2018) MPMPA: A mitigation and prevention model for social engineering based phishing attacks on facebook [39] Platsis George, (2018) Thehuman factor: Cyber security's greatest challenge [40] NaimBaftiu. (2017).Cyber security in Kosovo [41] Abdelhamid N., Thabtah F. & Abdel-jaber H. (2017) Phishing detection: A recent intelligent machine learning comparison based on models content and features [42] Alsharnouby M., Alaca F., Chiasson S. (2015)Why phishing still works: User strategies for combating phishing attacks [43] Chou N., Ledesma R., Teraguchi Y., Boneh D., and Mitchell J. C. (2004) “Client-side defence against web-based identity theft”. [44] Prakash P., Kumar M., Rao R. K. and Gupta M. (2010) PhishNet: Predictive blacklisting to detect phishing attacks [45] Delany Mark, (2007) Domain-based email authentication using public keys advertised in the DNS (Domain Keys).
  • 10.
    [46] Saidani N.,Adi K. and AlliliM. S. (2020)A semantic-based classification approach for an enhanced spam detection. [47] Bhowmick A. and Hazarika S.M. (2016) Machine learning for e-mail spam filtering: review techniques and trends.
  • 11.
    A CONCEPTUAL SECUREBLOCKCHAIN- BASED ELECTRONIC VOTING SYSTEM Ahmed Ben Ayed Department of Engineering and Computer Science, Colorado Technical University, Colorado Springs, Colorado, USA ABSTRACT Blockchain is offering new opportunities to develop new types of digital services. While research on the topic is still emerging, it has mostly focused on the technical and legal issues instead of taking advantage of this novel concept and creating advanced digital services. In this paper, we are going to leverage the open source Blockchain technology to propose a design for a new electronic voting system that could be used in local or national elections. The Blockchain-based system will be secure, reliable, and anonymous, and will help increase the number of voters as well as the trust of people in their governments. KEYWORDS Blockchain, Electronic Voting System, e-Voting, I-Voting, iVote For More Details : https://aircconline.com/ijnsa/V9N3/9317ijnsa01.pdf Volume Link : http://airccse.org/journal/jnsa17_current.html
  • 12.
AUTHORS
Ahmed Ben Ayed received his Bachelor of Science in Computer Information Systems and his Master of Science in Cyber Security and Information Assurance, and is currently a doctoral student at Colorado Technical University and an Adjunct Professor at California Takshila University. His research interests are Android Security, Pattern Recognition of Malicious Applications, Machine Learning, Cryptography, Information & System Security and Cyber Security.
COMPARISON OF MALWARE CLASSIFICATION METHODS USING CONVOLUTIONAL NEURAL NETWORK BASED ON API CALL STREAM
Matthew Schofield¹, Gulsum Alicioglu², Bo Sun¹, Russell Binaco¹, Paul Turner¹, Cameron Thatcher¹, Alex Lam¹ and Anthony Breitzman¹
¹Department of Computer Science, Rowan University, Glassboro, New Jersey, USA
²Department of Electrical and Computer Engineering, Rowan University, Glassboro, New Jersey, USA
ABSTRACT
Malicious software is constantly being developed and improved, so detection and classification of malware is an ever-evolving problem. Since traditional malware detection techniques fail to detect new/unknown malware, machine learning algorithms have been used to overcome this disadvantage. We present a Convolutional Neural Network (CNN) for malware type classification based on the API (Application Program Interface) calls. This research uses a database of 7107 instances of API call streams and 8 different malware types: Adware, Backdoor, Downloader, Dropper, Spyware, Trojan, Virus, Worm. We used a 1-Dimensional CNN by mapping API calls as categorical and term frequency-inverse document frequency (TF-IDF) vectors and compared the results to other classification techniques. The proposed 1-D CNN outperformed other classification techniques with 91% overall accuracy for both categorical and TF-IDF vectors.
KEYWORDS
Convolutional Neural Network, Malware Classification, N-gram Analysis, Term Frequency-Inverse Document Frequency Vectors, Windows API Calls.
For More Details : https://aircconline.com/ijnsa/V13N2/13221ijnsa01.pdf
Volume Link : http://airccse.org/journal/jnsa21_current.html
A LITERATURE SURVEY AND ANALYSIS ON SOCIAL ENGINEERING DEFENSE MECHANISMS AND INFOSEC POLICIES
Dalal Alharthi and Amelia Regan
Department of Computer Science, University of California Irvine, Irvine, California
ABSTRACT
Social engineering attacks can be severe and hard to detect. Therefore, to prevent such attacks, organizations should be aware of social engineering defense mechanisms and security policies. To that end, the authors developed a taxonomy of social engineering defense mechanisms, designed a survey to measure employee awareness of these mechanisms, proposed a model of Social Engineering InfoSec Policies (SE-IPs), and designed a survey to measure the incorporation level of these SE-IPs. After analyzing the data from the first survey, the authors found that more than half of employees are not aware of social engineering attacks. The paper also analyzed a second set of survey data, which found that on average, organizations incorporated just over fifty percent of the identified formal SE-IPs. Such worrisome results show that organizations are vulnerable to social engineering attacks, and serious steps need to be taken to elevate awareness against these emerging security threats.
KEYWORDS
Cybersecurity, Social Engineering, Employee Awareness, Defense Mechanisms, Security Policies
For More Details : https://aircconline.com/ijnsa/V13N2/13221ijnsa04.pdf
Volume Link : http://airccse.org/journal/jnsa21_current.html
  • 19.
    REFERENCES [1] S. D.Applegate, Social engineering: hacking the wetware! Information Security Journal: A Global Perspective 18 (1) (2009) 40–46. [2] C. Hadnagy, Social engineering: The art of human hacking, John Wiley & Sons, 2010.3. A. Berg, Cracking a social engineer, [online]. lan times (1995). [3] A. Berg, Cracking a social engineer, [online]. lan times (1995). [4] T. Greening, Ask and ye shall receive: a study in social engineering, ACM SIGSAC Review 14 (2) (1996) 8–14. [5] A. Karakasiliotis, S. Furnell, M. Papadaki, Assessing end-user awareness of social engineering and phishing. [6] M. Workman, A test of interventions for security threats from social engineering, Information Management & Computer Security 16 (5) (2008) 463–483. [7] G. L. Orgill, G. W. Romney, M. G. Bailey, P. M. Orgill, The urgency for effective user privacy-education to counter social engineering attacks on secure computer systems, in: Proceedings of the 5th conference on Information technology education, ACM, 2004, pp. 177–181 [8] T. Bakhshi, M. Papadaki, S. Furnell, A practical assessment of social engineering vulnerabilities., in: HAISA, 2008, pp. 12–23. [9] F. Mouton, M. M. Malan, L. Leenen, H. S. Venter, Social engineering attack framework, in: 2014 Information Security for South Africa, IEEE, 2014, pp. 1–9. [10] R. Kalnin,š, J. Purin,š, and G. Alksnis, “Security evaluation of wireless network access points,” Applied Computer Systems, vol. 21, no. 1, pp.38–45, 2017. [11] D. N. Alharthi, M. M. Hammad, and A. C. Regan, “A taxonomy of social engineering defense mechanisms,” in Future of Information and Communication Conference. Springer, 2020, pp. 27–41. [12] F. Mouton, L. Leenen, and H. S. Venter, “Social engineering attack examples, templates and scenarios,” Computers & Security, vol. 59, pp.186–209, 2016. [13] N. Saxena, E. Hayes, E. Bertino, P. Ojo, K.-K. R. Choo, and P. 
Burnap, “Impact and key challenges of insider threats on organizations and critical businesses,” Electronics, vol. 9, no. 9, p. 1460, 2020.
  • 20.
    [14] T. Ahmad,“Corona virus (covid-19) pandemic and work from home: Challenges of cybercrimes and cybersecurity,” Available at SSRN3568830, 2020. [15] N. Sarginson, “Securing your remote workforce against new phishing attacks,” Computer Fraud & Security, vol. 2020, no. 9, pp. 9–12, 2020. [16] H. Aldawood and G. Skinner, “Contemporary cyber security social engineering solutions, measures, policies, tools and applications: Acritical appraisal,” International Journal of Security (IJS), vol. 10, no. 1, p. 1, 2019. [17] V. Systems, “Varonis 2019 global data risk report,” 2019. [18] A. Yazdanmehr and J. Wang, “Employees’ information security policy compliance: A norm activation perspective,” Decision Support Systems, vol. 92, pp. 36–46, 2016. [19] D. N. Alharthi and A. C. Regan, “Social engineering defense mechanisms: A taxonomy and a survey of employees’ awareness level,” in Science and Information Conference. Springer, 2020, pp. 521–541. [20] D. N. Alharthi and A. C. Regan, “Social engineering InfoSec Policies (SE-IPs),” in the 14th International Conference on Network Security & Applications (CNSA 2021). CICT, 2021, pp. 521–541. NIAI - 2021 pp. 57-74, 2021. [21] H. Aldawood, G. Skinner, An academic review of current industrial and commercial cyber security social engineering solutions, in: Proceedings of the 3rd International Conference on Cryptography, Security and Privacy, ACM, 2019, pp. 110–115. [22] B. M. E. Elnaim, H. A. S. W. Al-Lami, The current state of phishing attacks against Saudi Arabia university students. [23] C. Happ, A. Melzer, G. Steffgen, Trick with treat–reciprocity increases the willingness to communicate personal data, Computers in Human Behavior 61 (2016) 372–377. [24] I. Ghafir, V. Prenosil, A. Alhejailan, M. Hammoudeh, Social engineering attack strategies and defence approaches, in: 2016 IEEE 4th International Conference onFuture Internet of Things and Cloud (FiCloud), IEEE, 2016, pp. 145–149. [25] M. Gupta, R. 
Sharman, Social network theoretic framework for organizational socialengineering susceptibility index, AMCIS 2006 Proceedings (2006) 408. [26] K. Parsons, D. Calic, M. Pattinson, M. Butavicius, A. McCormac, T. Zwaans, Thehuman aspects of information security questionnaire (hais-q): two further validation studies, Computers & Security 66 (2017) 40–51.
  • 21.
    [27] T. Herath,H. R. Rao, Encouraging information security behaviours in organizations: Role of penalties, pressures and perceived effectiveness, Decision Support Systems47 (2) (2009) 154–165. [28] J. A. Stoner, Risky and cautious shifts in group decisions: The influence of widely held values, Journal of Experimental Social Psychology 4 (4) (1968) 442–459. [29] H. Aldawood and G. Skinner, “Reviewing cyber security social engineering training and awareness programs—pitfalls and ongoing issues,” Future Internet, vol. 11, no. 3, p. 73, 2019. [30] K. J. Knapp, R. F. Morris Jr, T. E. Marshall, and T. A. Byrd, “Information security policy: An organizational-level process model,” computers &security, vol. 28, no. 7, pp. 493–508, 2009. [31] C. Senarak, “Port cybersecurity and threat: A structural model for prevention and policy development,” The Asian Journal of Shipping and Logistics, 2020. [32] A. Karakasiliotis, S. Furnell, and M. Papadaki, “Assessing end-user awareness of social engineering and phishing,” 2006. [33] L. Li, W. He, L. Xu, I. Ash, M. Anwar, and X. Yuan, “Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior,” International Journal of Information Management, vol. 45, pp. 13–24, 2019. [34] M. Siponen, M. A. Mahmood, and S. Pahnila, “Employees’ adherence to information security policies: An exploratory field study,” Information& management, vol. 51, no. 2, pp. 217–224, 2014. [35] F. Bélanger, S. Collignon, K. Enget, and E. Negangard, “Determinants of early conformance with information security policies,” Information& Management, vol. 54, no. 7, pp. 887–901, 2017. [36] K.-c. Chang and Y. M. Seow, “Effects of it-culture conflict and user dissatisfaction on information security policy non-compliance: A sense-making perspective,” 2014. [37] F. Hadi, M. Imran, M. H. Durad, and M. 
Waris, “A simple security policy enforcement system for an institution using sdn controller,” in 2018 15th International Bhurban Conference on Applied Sciences and Technology (IBCAST). IEEE, 2018, pp. 489–494. [38] V. D. Soni, “Disaster recovery planning: Untapped success factor in an organization,” Available at SSRN 3628630, 2020.
  • 22.
    [39] J. Horney,M. Nguyen, D. Salvesen, O. Tomasco, and P. Berke, “Engaging the public in planning for disaster recovery,” International journal of disaster risk reduction, vol. 17, pp. 33–37, 2016. [40] F. Salahdine and N. Kaabouch, “Social engineering attacks: A survey,” Future Internet, vol. 11, no. 4, p. 89, 2019. [41] C. Okoli, K. Schabram, A guide to conducting a systematic literature review of information systems research. [42] NCSC, National Cybersecurity Centre (Accessed 2019). Link [43] S. Inc., Surveymonkey (Accessed 2019). Link [44] Stats, “Saudi general authority for statistics,” Accessed 2020. [Online]. Available: https://www.stats.gov.sa/ [45] Statista, “Statista,” Accessed 2020. [Online]. Available: https://www.statista.com/ [46] C. Bronk and E. Tikk-Ringas, “The cyber-attack on Saudi Aramco,” Survival, vol. 55, no. 2, pp. 81–96, 2013. [47] D. D. Cheong, “Cyberattacks in the gulf: lessons for active defence,” 2012. [48] S. S. Basamh, H. Qudaih, and J. B. Ibrahim, “An overview on cybersecurity awareness in Muslim countries,” International Journal of Information and Communication Technology Research, 2014. [49] ITU, “Committed to connecting the world,” Accessed 2020. [Online]. Available: https://www.itu.int/en/Pages/default.aspx [50] T. McClelland, “The insider’s view of a data breach-how policy, forensics, and attribution apply in the real world,” 2018. [51] R. Bhor and H. Khanuja, “Analysis of web application security mechanism and attack detection using vulnerability injection technique,” in 2016 International Conference on Computing Communication Control and automation (ICCUBEA). IEEE, 2016, pp. 1–6. [52] J. Saleem and M. Hammoudeh, “Defense methods against social engineering attacks,” in Computer and network security essentials. Springer, 2018, pp. 603–618.
  • 23.
MINING PATTERNS OF SEQUENTIAL MALICIOUS APIS TO DETECT MALWARE
Abdurrahman Pektaş¹, Elif Nurdan Pektaş² and Tankut Acarman¹
¹Department of Computer Engineering, Galatasaray University, İstanbul, Turkey
²Siemens Turkey, Yakacık Caddesi No: 111, 34870 Kartal, Istanbul, Turkey
ABSTRACT
In the era of information technology and a connected world, detecting malware has been a major security concern for individuals, companies and even states. The new generation of malware samples, upgraded with advanced protection mechanisms such as packing and obfuscation, frustrates anti-virus solutions. API call analysis is used to identify suspicious malicious behavior thanks to its ability to describe software functionality. In this paper, we propose an effective and efficient malware detection method that uses a sequential pattern mining algorithm to discover representative and discriminative API call patterns. Then, we apply three machine learning algorithms to classify malware samples. Based on the experimental results, the proposed method achieves favorable results, with 0.999 F-measure on a dataset including 8152 malware samples belonging to 16 families and 523 benign samples.
KEYWORDS
Android, Malware, Frequent Sequence Mining, Behavioural Pattern, API Calls, Dynamic Analysis
For More Details : http://aircconline.com/ijnsa/V10N4/10418ijnsa01.pdf
Volume Link : http://airccse.org/journal/jnsa18_current.html
AUTHORS
Abdurrahman Pektaş received his B.Sc. and M.Sc. at Galatasaray University and his PhD at the University of Joseph Fourier, all in computer engineering, in 2009, 2012 and 2015, respectively. He is a senior researcher at Galatasaray University. His research interests are analysis, detection and classification of malicious software, machine learning and security analysis tool development.
Elif Nurdan Pektaş received her B.Sc. and M.Sc. at Galatasaray University, all in computer engineering, in 2010 and 2014, respectively. She is a leading software developer at Siemens Turkey. Her research interests are developing IoT based applications, deep learning, cloud based applications and automated testing.
Tankut Acarman received his Ph.D. degree in Electrical and Computer engineering from the Ohio State University in 2002. He is professor and head of the computer engineering department at Galatasaray University in Istanbul, Turkey. His research interests lie along all aspects of autonomous systems, intelligent vehicle technologies and security. He is the co-author of the book entitled “Autonomous Ground.
PLEDGE: A POLICY-BASED SECURITY PROTOCOL FOR PROTECTING CONTENT ADDRESSABLE STORAGE ARCHITECTURES
Wassim Itani, Ayman Kayssi, Ali Chehab
Department of Electrical and Computer Engineering, American University of Beirut, Beirut 1107 2020, Lebanon
ABSTRACT
In this paper we present PLEDGE, an efficient and scalable security ProtocoL for protecting fixed-content objects in contEnt aDdressable storaGe (CAS) architEctures. PLEDGE follows an end-to-end policy-driven security approach to secure the confidentiality, integrity, and authenticity of fixed-content entities over the enterprise network links and in the nodes of the CAS device. It utilizes a customizable and configurable extensible mark-up language (XML) security policy to provide flexible, multi-level, and fine-grained encryption and hashing methodologies to fixed-content CAS entities. PLEDGE secures data objects based on their content and sensitivity and substantially outperforms bulk and raw encryption protocols such as the Secure Socket Layer (SSL) and the Transport Layer Security (TLS) protocols. Moreover, PLEDGE transparently stores sensitive objects encrypted (partially or totally) in the CAS storage nodes without affecting the CAS storage system operation or performance, and takes into consideration the processing load, computing power, and memory capabilities of the client devices, which may be constrained by limited processing power, memory resources, or network connectivity. PLEDGE complies with regulations such as the Health Insurance Portability and Accountability Act (HIPAA) requirements and the SEC Rule 17a-4 financial standards. The protocol is implemented in a real CAS network using an EMC Centera backend storage device. The application secured by PLEDGE in the sample implementation is an X-Ray radiography scanning system in a healthcare network environment. The experimental test bed implementation shows a speedup factor of three over raw encryption security mechanisms.
KEYWORDS
Security, Content-addressable storage security, Policy-driven security, Customizable security.
For More Details : http://airccse.org/journal/nsa/1010s8.pdf
Volume Link : http://airccse.org/journal/jnsa10_current.html
  • 29.
    REFERENCES [1] W. Itani,A. Kayssi, A. Chehab, “An efficient and scalable Security ProtocoL for protecting fixedContent Objects in ContEnt aDdressable StoraGe architectures”, in Proc. of the Third International Conference on Security and Privacy in Communication Networks, Nice, France, Sept, 2007. [2] A. Freier, P. Karlton, P. Kocher, “The SSL Protocol Version 3.0, ” Internet-Draft, 1996. [3] T. Dierks, C. Allen, “The TLS Protocol – Version 1.0, ” RFC 2246, 1999. [4] EMC Centera homepage: http://www.emc.com/products/family/emc-centera-family.htm, accessed Jan. 14, 2008. [5] Health Insurance Portability & Accountability Act homepage: http://www.hipaa.org, accessed Jan. 14, 2008. [6] SEC 17 CFR Part 240, Release No. 34-38245, “Reporting Requirements for Broker Dealers Under the Security Exchange Act of 1934,” January 1997, http://www.sec.gov/rules/final/34- 38245.txt, accessed Jan. 14, 2008. [7] J. Daemen and V. Rijmen, “Rijndael, the advanced encryption standard,” Dr. Dobb's Journal, vol. 26, no. 3, March 2001, pp. 137 - 139. [8] National Institute of Standards and Technology, August 2002, Secure Hash Standard, Federal Information Processing Standards, Publication 180-2, http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf, accessed Jan. 14, 2008. [9] Y. Zheng, J. Pieprzyk, J. Seberry, “HAVAL--A One-Way Hashing Algorithm with Variable Length of Output,” in Proc. Workshop on the Theory and Application of Cryptographic Techniques: Advances in Cryptology, pp. 83-104, 1992. [10] R. Rivest, “The MD5 Message-Digest Algorithm,” RFC 1321, 1992. [11] W. Itani, A. Kayssi, “J2ME End-to-End Security for M-Commerce,” in Proc IEEE Wireless Communications and Networking Conference, 2003. [12] W. Itani, A. Kayssi, “SPECSA: a Scalable, Policy-driven, Extensible, and Customizable Security Architecture for Wireless Enterprise Applications,” Computer Communications, vol. 27, no. 18, December 2004, pp. 1825 - 1839. [13] W. Itani, A. Kayssi, A. 
Chehab, “PATRIOT – a Policy-Based, Multi-level Security Protocol for Safekeeping Audit Logs on Wireless Devices,” in Proc. IEEE/CreateNet First
International Conference on Security and Privacy for Emerging Areas in Communication Networks (SecureComm), Athens, Greece, 2005.
[14] W. Itani, A. Kayssi, A. Chehab, “An Enterprise Policy-Based Security Protocol for Protecting Relational Database Network Objects,” in Proc. 2006 International Wireless Communications and Mobile Computing Conference (IWCMC), Vancouver, Canada, 2006.
[15] T. Bray, J. Paoli, C. M. Sperberg-McQueen, E. Maler, F. Yergeau (September 2006), “Extensible Markup Language (XML) 1.0”, World Wide Web Consortium, http://www.w3.org/TR/2006/REC-xml20060816/, accessed Jan. 14, 2008.
[16] The Gramm-Leach-Bliley Website: http://banking.senate.gov/conf/, accessed Jan. 14, 2008.
[17] J. Kubiatowicz, D. Bindel, Y. Chen, S. Czerwinski, P. Eaton, D. Geels, R. Gummadi, S. Rhea, H. Weatherspoon, C. Wells and B. Zhao, “OceanStore: an Architecture for Global-Scale Persistent Storage,” in Proc. Ninth International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 190-201, November 2000, Cambridge, Massachusetts, United States.
[18] H. Cheng, X. Li, “Partial Encryption of Compressed Images and Videos,” IEEE Transactions on Signal Processing, vol. 48, no. 8, pp. 2439-2451, August 2000.
[19] M. Van Droogenbroeck, R. Benedett, “Techniques for a Selective Encryption of Uncompressed and Compressed Images,” in Proc. Advanced Concepts for Intelligent Vision Systems, pp. 90-97, Ghent University, Belgium, September 2002.
[20] R. Pfarrhofer and A. Uhl, “Selective Image Encryption using JBIG,” Lecture Notes in Computer Science, pp. 98-107, 2005.
[21] S. Lian, J. Sun, D. Zhang, Z. Wang, “A Selective Image Encryption Scheme Based on JPEG2000 Codec,” Lecture Notes in Computer Science, vol. 3332, pp. 65-72, 2004.
[22] X. Lu and A. Eskicioglu, “Selective Encryption of Multimedia Content in Distribution Networks: Challenges and New Directions,” in Proc. IASTED International Conference on Communications, Internet and Information Technology (CIIT 2003), Scottsdale, AZ, USA, November 2003.
[23] A. Pommer and A. Uhl, “Application Scenarios for Selective Encryption of Visual Data,” in Proc. Multimedia and Security Workshop, ACM Multimedia, pp. 71-74, Juan-les-Pins, France, December 2002.
[24] A. Pommer and A. Uhl, “Selective Encryption of Wavelet-Packet Encoded Image Data Efficiency and Security,” ACM Multimedia Systems, Special issue on Multimedia Security, pp. 279-287, 2003.
[25] M. Van Droogenbroeck, “Partial Encryption of Images for Real-Time Applications,” http://www.ulg.ac.be/telecom/publi/publications/mvd/Vandroogenbroeck2004Partial.pdf, 2004, accessed Jan. 14, 2008.
[26] S. Lakshmanan, M. Ahamad, and H. Venkateswaran, Responsive Security for Stored Data, IEEE Transactions on Parallel and Distributed Systems, vol. 14, no. 9, September 2003.
[27] L. Wang, Y. Nie, W. Nie, and L. Jiao, “Artificial Immune Strategies Improve the Security of Data Storage”, in Proc. ICNC 2005, LNCS 3611, pp. 839-848, 2005.
[28] S. Morgan, L. Russell and B. Reed, Security Method and System for Persistent Storage and Communications on Computer Network Systems and Computer Network Systems Employing the Same, International Business Machines Corporation, Patent number: 6816970, Nov 9, 2004.
[29] B. Iyer, S. Mehrotra, E. Mykletun, G. Tsudik, and Y. Wu, “A Framework for Efficient Storage Security in RDBMS,” in Proc. Seventh Int’l Conf. Extending Database Technology (EDBT 2004), Mar. 2004.
[30] J. D. Strunk, G. R. Goodson, M. L. Scheinholtz, C. A. N. Soules, and G. R. Ganger, Self-Securing Storage: Protecting Data in Compromised Systems, in Proc. 2000 Symposium on Operating Systems Design and Implementation (OSDI), October 2000.
[31] W. Diffie, P.C. van Oorschot, and M.J. Wiener, “Authentication and authenticated key exchanges”, Designs, Codes and Cryptography 2 (1992), 107-125.
PERFORMANCE EVALUATION OF MACHINE LEARNING TECHNIQUES FOR DOS DETECTION IN WIRELESS SENSOR NETWORK
Lama Alsulaiman and Saad Al-Ahmadi
Department of Computer Science, King Saud University, Riyadh, Saudi Arabia
ABSTRACT
The nature of Wireless Sensor Networks (WSNs) and their widespread use introduce many security threats and attacks. An effective Intrusion Detection System (IDS) should be used to detect attacks. Detecting such attacks is challenging, especially the detection of Denial of Service (DoS) attacks. Machine learning classification techniques have been used as an approach for DoS detection. This paper conducted an experiment using the Waikato Environment for Knowledge Analysis (WEKA) to evaluate the efficiency of five machine learning algorithms for detecting flooding, grayhole, blackhole, and scheduling DoS attacks in WSNs. The evaluation is based on a dataset called WSN-DS. The results showed that the random forest classifier outperforms the other classifiers with an accuracy of 99.72%.
KEYWORDS
Wireless Sensor Networks, Machine Learning, Denial of Service
For More Details : https://aircconline.com/ijnsa/V13N2/13221ijnsa02.pdf
Volume Link : http://airccse.org/journal/jnsa21_current.html
APPLYING THE HEALTH BELIEF MODEL TO CARDIAC IMPLANTED MEDICAL DEVICE PATIENTS
George W. Jackson¹ and Shawon Rahman²
¹College of Business and Technology, Capella University, Minneapolis, USA
²Professor, Dept. of Computer Science & Engineering, University of Hawaii-Hilo, 200 W. Kawili Street, Hilo, HI 96720, USA
ABSTRACT
Wireless Implanted Medical Devices (WIMD) are helping millions of users experience a better quality of life. Because of their many benefits, these devices are experiencing dramatic growth in usage, application, and complexity. However, this rapid growth has precipitated an equally rapid growth of cybersecurity risks and threats. While it is apparent from the literature that WIMD cybersecurity is a shared responsibility among manufacturers, healthcare providers, and patients, what is not explained is what role patients should play in WIMD cybersecurity and how patients should be empowered to assume this role. The health belief model (HBM) was applied as the theoretical framework for a multiple case study which examined the question: How are the cybersecurity risks and threats related to wireless implanted medical devices being communicated to patients who have or will have these devices implanted in their bodies? The subjects of this multiple case study were sixteen cardiac device specialists in the U.S., each possessing at least one year of experience working directly with cardiac implanted medical device (CIMD) patients, who actively used cardiac device home monitoring systems. The HBM provides a systematic framework suitable for the proposed research. Because of its six-decade history of validity and its extraordinary versatility, the health belief model, more efficiently than any other model considered, provides a context for understanding and interpreting the results of this study. Thus, the theoretical contribution of this research is to apply the HBM in a setting where it has never been applied before: WIMD patient cybersecurity awareness. This analysis (using a multiple case study) will demonstrate how the HBM can assist health practitioners, regulators, manufacturers, security practitioners, and the research community in better understanding the factors that support WIMD patient cybersecurity awareness and subsequent adherence to cybersecurity best practices.
KEYWORDS
Health Belief Model, Healthcare Cybersecurity, Cardiac Implanted Device, Wireless Implanted Medical Devices, WIMD, WIMD cybersecurity
For More Details : http://aircconline.com/ijnsa/V13N2/13221ijnsa03.pdf
Volume Link : http://airccse.org/journal/jnsa21_current.html
  • 36.
    REFERENCES [1] Lee, S.Hyun. & Kim Mi Na, (2008) “This is my paper”, ABC Transactions on ECE, Vol. 10,No. 5, pp120-122. [2] Gizem, Aksahya & Ayese, Ozcan (2009) Communications & Networks, Network Books, ABC Publishers. [3] Williams, C. K., Wynn, D., Madupalli, R., Karahanna, E., & Duncan, B. K. (2014). Explaining users' security behaviors with the security belief model. Journal of Organizational and End User Computing, 26(3), 23-46. [4] Ng, B. Y., Kankanhalli, A., & Xu, Y. C. (2009). Studying users' computer security behavior: A health belief perspective. Decision Support Systems, 46(4), 815-825. [5] Jung, E. E., Ho, E. Y., Chung, H., & Sinclair, M. (2015). Perceived risk and self-efficacy regarding internet security in a marginalized community. Proceedings of the 33rd Annual ACM Conference Extended Abstracts on Human Factors in Computing Systems, ACM, 1085-1090. [6] Davinson, N., & Sillence, E. (2014). Using the health belief model to explore users' perceptions of ‘being safe and secure’ in the world of technology-mediated financial transactions. International Journal of Human-Computer Studies, 72(2), 154-168. [7] Khan, B., Alghathbar, K. S., Nabi, S. I., & Khan, M. K. (2011). The effectiveness of information security awareness methods based on psychological theories. African Journal of Business Management, 5(26), 10862-10868. [8] Marton, C., & Chun, W. C. (2012). A review of theoretical models of health information seeking on the web. Journal of Documentation, 68(3), 330-352. [9] Herath, T., & Rao, H. R. (2009). Protection motivation and deterrence: A framework for security policy compliance in organizations. European Journal of Information Systems, 18(2), 106-125. [10] Armitage, C. J., & Conner, M. (2000). Social cognition models and health behaviour: A structured review. Psychology and health, 15(2), 173-189. [11] Camara, C., Peris-Lopez, P., & Tapiador, J.E. (2015). Security and privacy issues in implantable medical devices: A comprehensive survey. 
Journal of Biomedical Informatics, 55, 272-289. [12] Denning, T., Borning, A., Friedman, B., Gill, B. T., Kohno, T., & Maisel, W. H. (2010). Patients, pacemakers, and implantable defibrillators: Human values and security for wireless implantable medical devices. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, 917-926.
  • 37.
    [13] Fu, K.(2009). Inside risks: Reducing risks of implantable medical devices. Communications of the ACM, 52(6), 25-27. [14] Fu, K., & Blum, J. (2013). Controlling for cybersecurity risks of medical device software. Communications of the ACM, 56(10), 35-37 [15] Kotz, D. (2011). A threat taxonomy for mHealth privacy. Proceedings of Third International Conference on Communication Systems and Network (COMSNETS), 1-6. [16] Leavitt, N. (2010). Researchers fight to keep implanted medical devices safe from hackers. Computer, 43(8), 11-14. [17] Ray, A., Jones, P., & Zhang, Y. (2013). Medical device security-A new frontier. Biomedical Instrumentation & Technology, 47(1), 72-72. [18] Sametinger, J., Rozenblit, J., Lysecky, R., & Ott, P. (2015). Security Challenges for Medical Devices. Communications of the ACM, 58(4), 74-82. [19] Williams, P. A., & Woodward, A. J. (2015). Cybersecurity vulnerabilities in medical devices: a complex environment and multifaceted problem. Medical Devices: Evidence and Research, 8, 305–316. [20] Middaugh, D. J. (2016). Do security flaws put your patients' health at risk? MedSurg Nursing, 25(2), 131-133. [21] Boulos, P., Sargolzaei, A., Ziaei, A., & Sargolzaei, S. (2016). Pacemakers: A Survey on Development History, Cyber-Security Threats, and Countermeasures. [22] Perakslis, E. D. (2014). Cybersecurity in health care. New England Journal of Medicine, 371(5), 395-397. [23] Lyon, D. (2016). Making Trade-Offs for Safe, Effective, and Secure Patient Care. Journal of Diabetes Science and Technology, [24] Sansurooah, K. (2015). Security risks of medical devices in wireless environments. [25] Appari, A., & Johnson, M. E. (2010). Information security and privacy in healthcare: Current state of research. International Journal of Internet and management, 6(4), 279-314. [26] Armstrong, D. G., Kleidermacher, D. N., Klonoff, D. C., & Slepian, M. J. (2015). 
Cyber security regulation of wireless devices for performance and assurance in the age of “medjacking”. Journal of Diabetes Science and Technology, 1-4. [27] Garfinkel, S. L. (2012). The cybersecurity risk. Communications of the ACM, 55(6), 29-32.
  • 38.
    [28] Klonoff, D.C. (2015). Cybersecurity for connected diabetes devices. Journal of diabetes science and technology. [29] Rushanan, M., Rubin, A. D., Kune, D. F., & Swanson, C. M. (2014). SoK: Security and privacy in implantable medical devices and body area networks. Proceedings of IEEE Security and Privacy 2014 Symposium, 524-539. [30] Wirth, A. (2011). Cybercrimes pose growing threat to medical devices. Biomedical Instrumentation & Technology, 45(1), 26-34. [31] Hansen, J. A., & Hansen, N. M. (2010). A taxonomy of vulnerabilities in implantable medical devices. In Proceedings of the Second Annual Workshop On Security and Privacy in Medical and Home-Care Systems, 13-20/ [32] Murphy, S. (2015). Is cyber security possible in healthcare? National Cybersecurity Institute Journal,1(3)49-63. [33] Gupta, S. (2012). Implantable Medical Devices-Cyber Risks and Mitigation Approaches. In Proceedings of the Cybersecurity in Cyber-Physical Workshop, The National Institute of Standards and Technology (NIST), US. [34] Ellouze, N., Rekhis, S., Boudriga, N., & Allouche, M. (2017). Cardiac Implantable Medical Devices forensics: Postmortem analysis of lethal attacks scenarios. Digital Investigation, 21, 11- 30. [35] Halperin, D., Heydt-Benjamin, T. S., Fu, K., Kohno, T., & Maisel, W. H. (2008). Security and privacy for implantable medical devices. IEEE pervasive computing, 7(1), 30-39. [36] Burleson, W., Clark, S. S., Ransford, B., & Fu, K. (2012, June). Design challenges for secure implantable medical devices. In Proceedings of the 49th Annual Design Automation Conference (pp. 12-17). ACM. [37] Rostami, M., Burleson, W., Koushanfar, F., & Juels, A. (2013, May). Balancing security and utility in medical devices? In Proceedings of the 50th Annual Design Automation Conference (p. 13). ACM. [38] Faizi, Salman and Rahman, Shawon;” Securing Cloud Computing Through IT Governance”; International Journal of Information Technology in Industry (ITII), vol. 
7, no.1, 2019, Pages: 1-14 [39] Jackson, George and Rahman, Shawon; “Exploring Challenges and Opportunities in Cybersecurity Risk and Threat Communications related to the Medical Internet of Things (MIoT)”, International Journal of Network Security & Its Applications (IJNSA), Vol. 11, No.4, July 2019.
  • 39.
    [40] Loukaka, Alainand Rahman, Shawon; “Discovering New Cyber Protection Approaches From a Security Professional Prospective”; International Journal of Computer Networks & Communications (IJCNC) Vol.9, No.4, July 2017 [41] Al-Mamun, Abdullah, Rahman, Shawon and et al;“ Security Analysis of AES and Enhancing its Security by Modifying S-Box with an Additional Byte ”; International Journal of Computer Networks & Communications (IJCNC), Vol.9, No.2, March 2017 [42] Opala, Omondi John; Rahman, Shawon; and Alelaiwi, Abdulhameed; “The Influence of Information Security on the Adoption of Cloud computing: An Exploratory Analysis”, International Journal of Computer Networks & Communications (IJCNC), Vol.7, No.4, July 2015 [43] Faizi, Salman and Rahman, Shawon; “Secured Cloud for Enterprise Computing”; 34th International Conference on Computers and Their Applications (CATA-2019), March 18-20, 2019, Waikiki Beach Marriott Resort & Spa, Honolulu, Hawaii, USA [44] Faizi, Salman and Rahman, Shawon; “Choosing the Best-fit Lifecycle Framework while Addressing Functionality and Security Issues”; 34th International Conference on Computers and Their Applications (CATA-2019), March 18-20, 2019, Waikiki Beach Marriott Resort & Spa, Honolulu, Hawaii, USA [45] Schneider, Marvin and Rahman, Shawon “Protection Motivation Theory Factors that Influence Undergraduates to Adopt Smartphone Security Measures ”; International Journal of Information Technology in Industry (ITII), Vol 9, No 1 (2021)
  • 40.
INTERNAL SECURITY ON AN IDS BASED ON AGENTS
Rafael Páez, Mery Yolima Uribe, Miguel Torres
Pontificia Universidad Javeriana, Bogotá, Colombia
ABSTRACT
An Intrusion Detection System (IDS) can monitor different events that may occur in a given network or host and that affect any network security service (confidentiality, integrity, availability). Because of this, an IDS must be flexible, and it must detect and trace each alert without affecting the system's performance. On the other hand, agents in a Multi-Agent system have inherent security problems due to their mobility; that is why we propose some techniques to provide internal security for the agents belonging to the system. The deployed IDS works with a multiagent platform, and each component inside the infrastructure is verified using security techniques in order to provide integrity. Likewise, the agents can specialize in order to carry out specific jobs, for example monitoring TCP or UDP traffic. The IDS can work without interfering with the system's performance. In this article we present a hierarchical IDS deployment with internal security on a multiagent system, using a platform named ESA, with its processes, functions and results.
KEYWORDS
Mobile Agents, Multi-Agent Systems, Mobile Code, Security Techniques, Intrusion Detection System.
For More Details : http://airccse.org/journal/nsa/5413nsa10.pdf
Volume Link : http://airccse.org/journal/jnsa13_current.html