The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.

1. Network Security and
Its Applications
Top Read Articles in
October 2020
International Journal of Network Security &
Its Applications (IJNSA)
http://airccse.org/journal/ijnsa.html
ISSN: 0974 - 9330 (Online); 0975 - 2307 (Print)

2. SECURITY & PRIVACY THREATS, ATTACKS AND COUNTERMEASURES IN
INTERNET OF THINGS
Faheem Masoodi1
Shadab Alam2
and Shams Tabrez Siddiqui2
1
Department of Computer Science, University of Kashmir, J&k, India 2
Department of Computer
Science, Jazan University, KSA
ABSTRACT
The idea to connect everything to anything and at any point of time is what vaguely defines the
concept of the Internet of Things (IoT). The IoT is not only about providing connectivity but also
facilitating interaction among these connected things. Though the term IoT was introduced in
1999 but has drawn significant attention during the past few years, the pace at which new
devices are being integrated into the system will profoundly impact the world in a good way but
also poses some severe queries about security and privacy. IoT in its current form is susceptible
to a multitudinous set of attacks. One of the most significant concerns of IoT is to provide
security assurance for the data exchange because data is vulnerable to some attacks by the
attackers at each layer of IoT. The IoT has a layered structure where each layer provides a
service. The security needs vary from layer to layer as each layer serves a different purpose. This
paper aims to analyze the various security and privacy threats related to IoT. Some attacks have
been discussed along with some existing and proposed countermeasures.
KEYWORDS
Internet of Things, privacy, attacks, security, threats, protocols.
For More Details : http://aircconline.com/ijnsa/V11N2/11219ijnsa05.pdf
Volume Link : http://airccse.org/journal/jnsa19_current.html

3. REFERENCES
[1] J. Gubbi, R. Buyya, S. Marusic, M. Palaniswami, Internet of things (IoT): a vision,
architectural elements, and future directions, Future Gener. Comput. Syst. 29 (7) (2013) 1645–
1660.
[2] Roman, R., Najera, P., Lopez, J., 2011. Securing the internet of things. Computer 44 (9),
51_58.
[3] Horrow, S., and Anjali, S. (2012). Identity Management Framework for Cloud-Based Internet
of Things. SecurIT ’12 Proceedings of the First International Conference on Security of Internet
of Things, 200– 203. 2012
[4] Whitmore, A., Agarwal, A., and Da Xu, L. (2014). The Internet of Things: A survey of topics
and trends. Information Systems Frontiers, 17(2), 261– 274.
[5] Aazam, M., St-Hilaire, M., Lung, C.-H., and Lambadaris, I. (2016). PRE-Fog: IoT trace
based probabilistic resource estimation at Fog. 2016 13th IEEE Annual Consumer
Communications and Networking Conference (CCNC), 12– 17.
[6] Jiang, H., Shen, F., Chen, S., Li, K. C., and Jeong, Y. S. (2015). A secure and scalable
storage system for aggregate data in IoT. Future Generation Computer Systems, 49, 133– 141.
[7] Li, S., Tryfonas, T., and Li, H. (2016). The Internet of Things: a security point of view.
Internet Research, 26(2), 337– 359.
[8] A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari, and M. Ayyash. Internet of things:
A survey on enabling technologies, protocols, and applications. IEEE Communications Surveys
Tutorials, 17(4):2347–2376, Fourth quarter 2015.
[9] Pongle, P., and Chavan, G. (2015). A survey: Attacks on RPL and 6LoWPAN in IoT. 2015
International Conference on Pervasive Computing: Advance Communication Technology and
Application for Society, ICPC 2015, 0(c), 0–5.
[10] Tsai, C.-W., Lai, C.-F., and Vasilakos, A. V. (2014). Future Internet of Things: open issues
and challenges. Wireless Networks, 20(8), 2201–2217.
[11] V. Karagiannis, P. Chatzimisios, F. Vazquez-Gallego, and J. Alonso-Zarate, "A survey on
application layer protocols for the internet of things," Transaction on IoT and Cloud Computing,
vol. 3, no. 1, pp. 11-17, 2015
[12] D. Locke, "MQ telemetry transport (MQTT) v3. 1 protocol specification," IBM Developer
WorksTechnicalLibrary,2010,
http://www.ibm.com/developerworks/webservices/library/wsmqtt/index.html

4. [13] M. Singh, M. Rajan, V. Shivraj, and P. Balamuralidhar, "Secure MQTT for the Internet of
Things (IoT)," in Fifth International Conference on Communication Systems and Network
Technologies (CSNT 2015), April 2015, pp. 746-751.
[14] OASIS, "OASIS Advanced Message Queuing Protocol (AMQP) Version 1.0," 2012,
http://docs.oasis-open.org/amqp/core/v1.0/os/amqp-core-complete-v1.0-os.pdf
[15] T. Winter, et al., "RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks," IETF
RFC 6550, Mar. 2012, http://www.ietf.org/rfc/rfc6550.txt
[16] A. Aijaz and A. Aghvami, "Cognitive machine-to-machine communications for internet-of-
things: A protocol stack perspective," IEEE Internet of Things Journal, vol. 2, no. 2, pp. 103-112,
April 2015,
[17] http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=7006643
[18] Z. Zhou, B. Yao, R. Xing, L. Shu, and S. Bu, "E-CARP: An energy-efficient routing
protocol for UWSNs on the internet of underwater things," IEEE Sensors Journal, vol. PP, no.
99, 2015, http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7113774
[19] D. Dujovne, T. Watteyne, X. Vilajosana, and P. Thubert, "6TiSCH: Deterministic IP-
enabled industrial internet (of things)," IEEE Communications Magazine, vol. 52, no.12, pp. 36-
41, December 2014, http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6979984
[20] M. Hasan, E. Hossain, D. Niyato, "Random access for machine-to-machine communication
in LTEadvanced networks: issues and approaches," in IEEE Communications Magazine, vol. 51,
no. 6, pp.86-93, June 2013,
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=6525600
[21] Z-Wave, "Z-Wave Protocol Overview," v. 4, May 2007,
https://wiki.ase.tut.fi/courseWiki/imges/9/94/SDS10243_2_Z_Wave_Protocol_Overview.pdf
[22] ZigBee Standards Organization, “ZigBee Specification,” Document 053474r17, Jan 2008,
604 pp., http://home.deib.polimi.it/cesana/teaching/IoT/papers/ZigBee/ZigBeeSpec.pdf
[23] O. Cetinkaya and O. Akan, "A dash7-based power metering system," in 12th Annual IEEE
Consumer Communications and Networking Conference (CCNC), Jan 2015, pp. 406-411,
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=7158010
[24] Zhang, Zhi-Kai, et al. ”IoT security: ongoing challenges and research opportunities.”
ServiceOriented Computing and Applications (SOCA), 2014 IEEE 7th International Conference
on. IEEE, 2014.
[28] D. Migault, D. Palomares, E. Herbert, W. You, G. Ganne, G. Arfaoui, and M. Laurent,
“E2E: An Optimized IPsec Architecture for Secure And Fast Offload,” in Seventh International
Conference on Availability, Reliability and Security E2E: 2012.

5. [26] Abomhara, Mohamed, and Geir M. Køien. ”Security and privacy in the Internet of Things:
Current status and open issues.” Privacy and Security in Mobile Systems (PRISMS), 2014
International Conference on. IEEE, 2014.
[27] B. L. Suto, “Analyzing the Accuracy and Time Costs of Web Application Security
Scanners,” San Fr., no. October 2007, 2010.
[28] O. El Mouaatamid, M. LahmerInternet of Things security: layered classification of attacks
and possible countermeasures Electron J (9) (2016).
[29] Seda F. Gürses/Bettina Berendt/Thomas Santen, Multilateral Security Requirements
Analysis for Preserving Privacy in Ubiquitous Environments, in Bettina Berendt/Ernestina
Menasalvas (eds), Workshop on Ubiquitous Knowledge Discovery for Users (UKDU '06), at 51–
64;
[30] Stankovic, J. (2014). Research directions for the internet of things. IEEE Internet of Things
Journal, 1(1), 3–9
[31] Sicari, Sabrina, et al. "Security, privacy and trust in the Internet of Things: The road ahead."
Computer Networks76 (2015): 146-164.
[32]https://www.cso.com.au/article/575407/internet-things-iot-threats-countermeasures/
Accessed on 15-03-2019
[33] Bokhari, Mohammad Ubaidullah, and Faheem Masoodi. "Comparative analysis of
structures and attacks on various stream ciphers." Proceedings of the 4th National Conference.
2010.

6. A CONCEPTUAL SECURE BLOCKCHAIN- BASED ELECTRONIC
VOTING SYSTEM
Ahmed Ben Ayed
Department of Engineering and Computer Science, Colorado Technical University, Colorado
Springs, Colorado, USA
ABSTRACT
Blockchain is offering new opportunities to develop new types of digital services. While research
on the topic is still emerging, it has mostly focused on the technical and legal issues instead of
taking advantage of this novel concept and creating advanced digital services. In this paper, we
are going to leverage the open source Blockchain technology to propose a design for a new
electronic voting system that could be used in local or national elections. The Blockchain-based
system will be secure, reliable, and anonymous, and will help increase the number of voters as
well as the trust of people in their governments.
KEYWORDS
Blockchain, Electronic Voting System, e-Voting, I-Voting, iVote
For More Details : https://aircconline.com/ijnsa/V9N3/9317ijnsa01.pdf
Volume Link : http://airccse.org/journal/jnsa17_current.html

7. REFERENCES
[1] Madise, Ü. Madise and T. Martens, “E-voting in Estonia 2005. The first practice of country-
wide binding Internet voting in the world.”,Electronic voting, 2nd International Workshop,
Bregenz, Austria,(2006) August 2-4.
[2] J. Gerlach and U. Grasser, “Three Case Studies from Switzerland: E-voting”, Berkman
Center Research Publication, (2009).
[3] I. S. G. Stenerud and C. Bull, “When reality comes knocking Norwegian experiences with
verifiable electronic voting”, Electronic Voting. Vol. 205. (2012), pp. 21-33.
[4] C. Meter and A. Schneider and M. Mauve, “Tor is not enough: Coercion in Remote
Electronic Voting Systems. arXiv preprint. (2017).
[5] D. L. Chaum, “Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms”,
Communication of the ACM. Vol. 24(2). (1981), pp. 84-90.
[6] T. ElGamal, “A public Key Cryptosystem and a Signature Scheme Based on Discrete
Logarithms”, IEEE Trans. Info. Theory. Vol. 31. (1985), pp. 469-472.
[7] S. Ibrahim and M. Kamat and M. Salleh and S. R. A. Aziz, “Secure E-Voting with Blind
Signature”, Proceeding of the 4th National Conference of Communication Technology,
Johor, Malaysia, (2003) January 14-15.
[8] J. Jan and Y. Chen and Y. Lin, “The Design of Protocol for e-Voting on the Internet”,
Proceedings IEEE 35th Annual 2001 International Carnahan Conference on Security
Technology, London, England, (2001) October 16-19.
[9] D. L. Dill and A.D. Rubin, “E-Voting Security”, Security and Privacy Magazine, Vol. 2(1).
(2004), pp. 22-23.
[10] D. Evans and N. Paul, “Election Security: Perception and Reality”. IEEE Privacy
Magazine, vol. 2(1). (2004), pp. 2-9.
[11] Trueb Baltic, “Estonian Electronic ID – Card Application Specification Prerequisites to
the Smart Card Differentiation to previous Version of EstEID Card Application.”
http://www.id.ee/public/TBSPEC-EstEID-Chip-App-v3_5-20140327.pdf
[12] Cybernetica. “Internet Voting Solution.”
https://cyber.ee/uploads/2013/03/cyber_ivoting_NEW2_A4_web.pdf.
[13] D. Springall, T. Finkenauer, Z. Durumeric, J. Kitcat, H. Hursti, M. MacAlpine, and J. A.
Halderman, “Security Analysis of the Estonian Internet Voting System.” Proceedings of the

8. 2014 ACM SIGSAC Conference on Computer and Communications Security. (2014), pp.
703-715.
[14] Ministry of Local Government and Modernisation. “Internet Voting Pilot to be
Discontinued.” https://www.regjeringen.no/en/aktuelt/Internet-voting-pilot-to-be-
discontinued/id764300/
[15] J. A. Halderman, and V. Teague, “The New South Wales iVote System: Security Failures
and Verifications Flaws in a Live Online Election.” International Conference on E-Voting
and Identity. (2015), pp. 35-53.
[16] S. Wolchok, E. Wustrow, D. Isabel, J. A. Halderman, “Attacking the Washington, DC
Internet Voting System.” International Conference on Financial Cryptography and Data
Security (2012), pp. 114-128.
[17] National Institute of Standards and Technology, “Federal Information Processing
Standards Publication”, (2012).
[18] S. Nakamoto, “A Peer-to-Peer Electronic Cash System”, (2008).
[19] F. Reid and M. Harrigan, “An Analysis of Anonymity in the Bitcoin System”, Security
and Privacy in Social Networks. (2013), pp. 1-27.
[20] S. Raval, “Decentralized Applications: Harnessing Bitcoin’s Blockchain Technology.”
O’Reilly Media, Inc. Sebastopol, California (2016).
[21] J. R. Douceur, “The Sybil Attack”, International Workshop on Peer-to-Peer Systems,
(2002), pp. 251-260.
AUTHORS
Ahmed Ben Ayed, has received his Bachelor of Science in Computer Information Systems,
Master of Science in Cyber Security and Information Assurance, and currently a doctoral student
at Colorado Technical University, and an Adjunct Professor at California Takshila University.
His research interests are Android Security, Pattern Recognition of Malicious Applications,
Machine Learning, Cryptography, Information & System Security and Cyber Security.

9. MINING PATTERNS OF SEQUENTIAL MALICIOUS APIS TO DETECT MALWARE
Abdurrahman Pektaş1
, Elif Nurdan Pektaş2
and Tankut Acarman1
1
Department of Computer Engineering, Galatasaray University, İstanbul, Turkey 2
Siemens
Turkey, Yakack Caddesi No: 111, 34870 Kartal, Istanbul, Turkey
ABSTRACT
In the era of information technology and connected world, detecting malware has been a major
security concern for individuals, companies and even for states. The New generation of malware
samples upgraded with advanced protection mechanism such as packing, and obfuscation
frustrate anti-virus solutions. API call analysis is used to identify suspicious malicious behavior
thanks to its description capability of a software functionality. In this paper, we propose an
effective and efficient malware detection method that uses sequential pattern mining algorithm to
discover representative and discriminative API call patterns. Then, we apply three machine
learning algorithms to classify malware samples. Based on the experimental results, the proposed
method assures favorable results with 0.999 F-measure on a dataset including 8152 malware
samples belonging to 16 families and 523 benign samples.
KEYWORDS
Android, Malware, Frequent Sequence Mining, Behavioural Pattern, API Calls, Dynamic
Analysis
For More Details : http://aircconline.com/ijnsa/V10N4/10418ijnsa01.pdf
Volume Link : http://airccse.org/journal/jnsa18_current.html

10. REFERENCES
[1] Statcounter: Operating system market share worldwide, (2018). http://gs.statcounter.com/os-
marketshare#monthly-201801-201801-bar. [Online; accessed 7-October-2017].
[2] Ilsun You & Kangbin Yim (2010) “Malware obfuscation techniques: A brief survey”,
Broadband, Wireless Computing, Communication and Applications (BWCCA), 2010
International Conference on, pp297– 300.
[3] 2016 Symantec Security Report, Internet:
https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdf, 29.06.2018.
[4] Abdurrahman Pektas & Tankut Acarman (2018) “Malware classification based on api calls
and behavior analysis”, IET Information Security, Vol. 12, No.2, pp 107-117.
[5] Abdurrahman Pektas & Tankut Acarman (2014) “A dynamic malware analyzer against
virtual machine aware malicious software”, Security and Communication Networks, Vol. 7,
No.12, pp2245–2257.
[6] Nizar R Mabroukeh & Christie I Ezeife (2010) “A taxonomy of sequential pattern mining
algorithms”, ACM Computing Surveys (CSUR), Vol. 43, No.1:3.
[7] Philippe Fournier-Viger & Jerry Chun-Wei Lin & Rage Uday Kiran & Yun Sing Koh &
Rincy Thomas (2017) “A survey of sequential pattern mining”, Data Science and Pattern
Recognition, Vol.1, No.1, pp54–77.
[8] Yong Qiao & Jie He & Yuexiang Yang & Lin Ji (2013) “Analyzing malware by abstracting
the frequent itemsets in api call sequences”,Trust, Security and Privacy in Computing and
Communications (TrustCom), 2013 12th IEEE International Conference on, pp.265–270.
[9] Youngjoon Ki & Eunjin Kim & Huy Kang Kim (2015) “A novel approach to detect malware
based on api call sequence analysis”, International Journal of Distributed Sensor Networks, Vol.
11, No.6,pp:95-10.
[10] In Kyeom Cho & Eul Gyu Im (2015), “Extracting representative api patterns of malware
families using multiple sequence alignments”, In Proceedings of the 2015 Conference on
research in adaptive and convergent systems, pp.308–313.
[11] Winfried Just (2001) “Computational complexity of multiple sequence alignment with sp-
score”, Journal of computational biology, Vol. 8, No. 6. pp. 615–623.
[12] Lusheng Wang & Tao Jiang (1994), “On the complexity of multiple sequence alignment”,
Journal of computational biology, Vol. 1, No.4, p.337–348.
[13] Yujie Fan &Yanfang Ye & Lifei Chen (2016), “Malicious sequential pattern mining for
automatic malware detection”, Expert Systems with Applications, Vol.52, pp.16–25.

11. [14] Iltaek Kwon & Eul Gyu Im (2017), “Extracting the representative api call patterns of
malware families using recurrent neural network”, In Proceedings of the International
Conference on Research in Adaptive and Convergent Systems, pp.202–207.
[15] Canfora, G., Mercaldo, F., & Visaggio, C. A. (2016). An hmm and structural entropy based
detector for android malware: An empirical study. Computers & Security, 61, 1-18.
[16] Salehi, Z., Sami, A., & Ghiasi, M. (2017). MAAR: Robust features to detect malicious
activity based on API calls, their arguments and return values. Engineering Applications of
Artificial Intelligence, 59, 93-102.
[17] Shijo, P. V., & Salim, A. (2015). Integrated static and dynamic analysis for malware
detection. Procedia Computer Science, 46, 804-811.
[18] Cuckoo Sandbox, Internet: https://cuckoosandbox.org/, 29.06.2018.
[19] Virustotal, Internet: https://www.virustotal.com/, 29.06.2018.
[20] Payam Refaeilzadeh & Lei Tang & Huan Liu (2009) “Cross-validation”, In Encyclopedia of
database systems, pp.532–538, Springer.
[21] A. Barthels, Behavior-based Malware Detection, Faculty of Informatics, The Technical
University of Munich, Master Thesis, 2009.
[22] Chand, C., Thakkar, A., & Ganatra, A. (2012). Sequential pattern mining: Survey and
current research challenges. International Journal of Soft Computing and Engineering, 2(1), 185-
193.
[23] Parikh, M., Chaudhari, B., & Chand, C. (2013). A comparative study of sequential pattern
mining algorithms. International Journal of Application or Innovation in Engineering &
Management (IJAIEM), 2(2).
[24] Mooney, C. H., & Roddick, J. F. (2013). Sequential pattern mining--approaches and
algorithms. ACM Computing Surveys (CSUR), 45(2), 19.
[25] Ramakrishnan Srikant & Rakesh Agrawal (1996), “Mining sequential patterns:
Generalizations and performance improvements”, In International Conference on Extending
Database Technology, pp.1–17, Springer.
[26] Jay Ayres & Jason Flannick & Johannes Gehrke & Tomi Yiu (2002) “Sequential pattern
mining using a bitmap representation”, In Proceedings of the eighth ACM SIGKDD international
conference on Knowledge discovery and data mining, pp.429–435.
[27] Mohammed J Zaki. Spade (2001) “An efficient algorithm for mining frequent sequences.
Machine learning”, Vol.42, No.1-2, pp.31–60.

12. [28] Philippe Fournier-Viger &Antonio Gomariz & Ted Gueniche &Azadeh Soltani & Cheng-
Wei Wu & Vincent S Tseng (2014) “Spmf: a java open-source pattern mining library”, The
Journal of Machine Learning Research, Vol.15, No.1, pp.3389–3393.
[29] SPMF library, Internet: http://www.philippe-fournier-viger.com/spmf/, 29.06.2018.
[30] Philippe Fournier-Viger & Antonio Gomariz & Manuel Campos & Rincy Thomas (2014)
“Fast vertical mining of sequential patterns using co-occurrence information”, In Pacific-Asia
Conference on Knowledge Discovery and Data Mining, pp.40–52, Springer.
[31] Gandotra, E., Bansal, D., & Sofat, S. (2014). Malware analysis and classification: A survey.
Journal of Information Security, 5(02), 56.
[32] Leo Breiman (2001) “Random forests”, Machine learning, Vol.45, No.1, pp.5–32.
[33] Padraig Cunningham & Sarah Jane Delany (2007) “k-nearest neighbour classifiers”,
Multiple Classifier Systems, Vol.34, pp.1–17.
[34] Marti A. Hearst & Susan T Dumais & Edgar Osuna & John Platt & Bernhard Scholkopf
(1998), “Support vector machines”, IEEE Intelligent Systems and their applications, Vol. 13,
No.4, pp.18–28.
[35] Fabian Pedregosa & Gaël Varoquaux &Alexandre Gramfort & Vincent Michel & Bertrand
Thirion & Olivier Grisel & Mathieu Blondel & Peter Prettenhofer &Ron Weiss &Vincent
Dubourg (2011) “Scikit-learn: Machine learning in python”, Journal of machine learning
research, Vol. 12, pp.2825–2830.
[36] Hossin, M., & Sulaiman, M. N. (2015). A review on evaluation metrics for data
classification evaluations. International Journal of Data Mining & Knowledge Management
Process, 5(2), 1.
[37] Yiming Yang (1999) “An evaluation of statistical approaches to text categorization”,
Information retrieval, Vol.1, No. 1-2, pp.69–90.
[38] Thomas G Dietterich (1998), “Approximate statistical tests for comparing supervised
classification learning algorithms”, Neural computation, Vol.10, No.7, pp.1895–1923.
AUTHORS
Abdurrahman Pektaş received his B.Sc. and M Sc. at Galatasaray University
and his PhD at the University of Joseph Fourier, all in computer engineering, in
2009, 2012 and 2015, respectively. He is a senior researcher at Galatasaray
University. His research interests are analysis, detection and classification of
malicious software, machine learning and security analysis tool development.

13. Elif Nurdan Pektaş received his B.Sc. and M Sc. at Galatasaray University all
in computer engineering, in 2010, and 2014, respectively. She is leading
software developer at Siemens Turkey. Her research interests are developing
IoT based applications, deep learning, cloud based application and automated
testing.
Tankut Acarman received his Ph.D. degree in Electrical and Computer
engineering from the Ohio State University in 2002. He is professor and head of
computer engineering department at Galatasaray University in Istanbul, Turkey.
His research interests lie along all aspects of autonomous s ystems, intelligent
vehicle technologies and security. He is the co-author of the book entitled
“Autonomous Ground.

14. PLEDGE: A POLICY-BASED SECURITY PROTOCOL FOR PROTECTING
CONTENT ADDRESSABLE STORAGE ARCHITECTURES
Wassim Itani Ayman Kayssi Ali Chehab
Department of Electrical and Computer Engineering
American University of Beirut
Beirut 1107 2020, Lebanon
ABSTRACT
In this paper we present PLEDGE, an efficient and scalable security ProtocoL for protecting
fixedcontent objects in contEnt aDdressable storaGe (CAS) architEctures. PLEDGE follows an
end-to-end policy-driven security approach to secure the confidentiality, integrity, and
authenticity of fixed-content entities over the enterprise network links and in the nodes of the
CAS device. It utilizes a customizable and configurable extensible mark-up language (XML)
security policy to provide flexible, multi-level, and fine-grained encryption and hashing
methodologies to fixed content CAS entities. PLEDGE secures data objects based on their
content and sensitivity and highly overcomes the performance of bulk and raw encryption
protocols such as the Secure Socket Layer (SSL) and the Transport Layer Security (TLS)
protocols. Moreover, PLEDGE transparently stores sensitive objects encrypted (partially or
totally) in the CAS storage nodes without affecting the CAS storage system operation or
performance and takes into consideration the processing load, computing power, and memory
capabilities of the client devices which may be constrained by limited processing power, memory
resources, or network connectivity. PLEDGE complies with regulations such as the Health
Insurance Portability and Accountability Act (HIPAA) requirements and the SEC Rule 17a-4
financial standards. The protocol is implemented in a real CAS network using an EMC Centera
backend storage device. The application secured by PLEDGE in the sample implementation is an
X-Ray radiography scanning system in a healthcare network environment. The experimental test
bed implementation conducted shows a speedup factor of three over raw encryption security
mechanisms.
KEYWORDS
Security, Content-addressable storage security, Policy-driven security, Customizable security.
For More Details : http://airccse.org/journal/nsa/1010s8.pdf
Volume Link : http://airccse.org/journal/jnsa10_current.html

15. REFERENCES
[1] W. Itani, A. Kayssi, A. Chehab, “An efficient and scalable Security ProtocoL for protecting
fixedContent Objects in ContEnt aDdressable StoraGe architectures”, in Proc. of the Third
International Conference on Security and Privacy in Communication Networks, Nice,
France, Sept, 2007.
[2] A. Freier, P. Karlton, P. Kocher, “The SSL Protocol Version 3.0, ” Internet-Draft, 1996.
[3] T. Dierks, C. Allen, “The TLS Protocol – Version 1.0, ” RFC 2246, 1999.
[4] EMC Centera homepage: http://www.emc.com/products/family/emc-centera-family.htm,
accessed Jan. 14, 2008.
[5] Health Insurance Portability & Accountability Act homepage: http://www.hipaa.org,
accessed Jan. 14, 2008.
[6] SEC 17 CFR Part 240, Release No. 34-38245, “Reporting Requirements for Broker Dealers
Under the Security Exchange Act of 1934,” January 1997, http://www.sec.gov/rules/final/34-
38245.txt, accessed Jan. 14, 2008.
[7] J. Daemen and V. Rijmen, “Rijndael, the advanced encryption standard,” Dr. Dobb's Journal,
vol. 26, no. 3, March 2001, pp. 137 - 139.
[8] National Institute of Standards and Technology, August 2002, Secure Hash Standard, Federal
Information Processing Standards, Publication 180-2,
http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf, accessed Jan.
14, 2008.
[9] Y. Zheng, J. Pieprzyk, J. Seberry, “HAVAL--A One-Way Hashing Algorithm with Variable
Length of Output,” in Proc. Workshop on the Theory and Application of Cryptographic
Techniques: Advances in Cryptology, pp. 83-104, 1992.
[10] R. Rivest, “The MD5 Message-Digest Algorithm,” RFC 1321, 1992.
[11] W. Itani, A. Kayssi, “J2ME End-to-End Security for M-Commerce,” in Proc IEEE
Wireless Communications and Networking Conference, 2003.
[12] W. Itani, A. Kayssi, “SPECSA: a Scalable, Policy-driven, Extensible, and Customizable
Security Architecture for Wireless Enterprise Applications,” Computer Communications,
vol. 27, no. 18, December 2004, pp. 1825 - 1839.
[13] W. Itani, A. Kayssi, A. Chehab, “PATRIOT – a Policy-Based, Multi-level Security
Protocol for Safekeeping Audit Logs on Wireless Devices,” in Proc. IEEE/CreateNet First

16. International Conference on Security and Privacy for Emerging Areas in Communication
Networks (SecureComm), Athens, Greece, 2005.
[14] W. Itani, A. Kayssi, A. Chehab, “An Enterprise Policy-Based Security Protocol for
Protecting Relational Database Network Objects,” in Proc. 2006 International Wireless
Communications and Mobile Computing Conference (IWCMC), Vancouver, Canada, 2006.
[15] T. Bray, J. Paoli, C. M. Sperberg-McQueen, E. Maler, F. Yergeau (September 2006),
“Extensible Markup Language (XML) 1.0”, World Wide Web Consortium,
http://www.w3.org/TR/2006/REC-xml20060816/, accessed Jan. 14, 2008.
[16] The Gramm-Leach-Bliley Website: http://banking.senate.gov/conf/, accessed Jan. 14,
2008.
[17] J. Kubiatowicz, D. Bindel, Y. Chen, S. Czerwinski, P. Eaton, D. Geels, R. Gummadi, S.
Rhea, H. Weatherspoon, C. Wells and B. Zhao, “OceanStore: an Architecture for Global-
Scale Persistent Storage,” in Proc. Ninth International Conference on Architectural Support
for Programming Languages and Operating Systems, pp. 190 - 201, November 2000,
Cambridge, Massachusetts, United States.
[18] H. Cheng, X. Li, “Partial Encryption of Compressed Images and Videos,” IEEE
Transactions on Signal Processing, vol. 48, no. 8, pp. 2439-2451, August 2000.
[19] M. Van Droogenbroeck, R. Benedett, “Techniques for a Selective Encryption of
Uncompressed and Compressed Images,” in Proc. Advanced Concepts for Intelligent Vision
Systems, pp. 90 - 97, Ghent University, Belgium, September 2002.
[20] R. Pfarrhofer and A. Uhl, “Selective Image Encryption using JBIG,” Lecture Notes in
Computer Science, pp. 98-107, 2005.
[21] S. Lian, J. Sun, D. Zhang, Z. Wang, “A Selective Image Encryption Scheme Based on
JPEG2000 Codec,” Lecture Notes in Computer Science, vol. 3332, pp. 65 - 72, 2004.
[22] X. Lu and A. Eskicioglu, “Selective Encryption of Multimedia Content in Distribution
Networks: Challenges and New Directions,” in Proc. IASTED International Conference on
Communications, Internet and Information Technology (CIIT 2003), Scottsdale, AZ, USA,
November 2003.
[23] A. Pommer and A. Uhl, “Application Scenarios for Selective Encryption of Visual Data,”
in Proc. Multimedia and Security Workshop, ACM Multimedia, pp. 71 - 74, Juan-les-Pins,
France, December 2002.
[24] A. Pommer and A. Uhl, “Selective Encryption of Wavelet-Packet Encoded Image Data
Efficiency and Security,” ACM Multimedia Systems, Special issue on Multimedia Security,
pp. 279 - 287, 2003.

17. [25] M. Van Droogenbroeck, “Partial Encryption of Images for Real-Time Applications,”
http://www.ulg.ac.be/telecom/publi/publications/mvd/Vandroogenbroeck2004Partial.pdf,
2004, accessed Jan. 14, 2008.
[26] S. Lakshmanan, M. Ahamad, and H. Venkateswaran, Responsive Security for Stored
Data, IEEE Transactions on Parallel and Distributed Systems, vol. 14, no. 9, September
2003.
[27] L. Wang, Y. Nie, W. Nie, and L. Jiao, “Artificial Immune Strategies Improve the
Security of Data Storage”, in Proc. ICNC 2005, LNCS 3611, pp. 839 – 848, 2005.
[28] S. Morgan, L. Russell and B. Reed, Security Method and System for Persistent Storage
and Communications on Computer Network Systems and Computer Network Systems
Employing the Same, International Business Machines Corporation, Patent number:
6816970, Nov 9, 2004.
[29] B. Iyer, S. Mehrotra, E. Mykletun, G. Tsudik, and Y. Wu, “A Framework for Efficient
Storage Security in RDBMS,” in Proc. Seventh Int’l Conf. Extending Database Technology
(EDBT 2004), Mar. 2004
[30] J. D. Strunk, G. R. Goodson, M. L. Scheinholtz, C. A. N. Soules, and G. R. Ganger, Self-
Securing Storage: Protecting Data in Compromised Systems, in Proc. 2000 Symposium on
Operating Systems Design and Implementation (OSDI), October 2000.
[31] W. Diffie, P.C. van Oorschot, and M.J. Wiener, “Authentication and authenticated key
exchanges”, Designs, Codes and Cryptography 2 (1992), 107-125.

18. AN INTELLECT LEARNING ON E-MAIL SECURITY AND FRAUD, SPAM AND
PHISHING
Dr.P.S.Jagadeesh Kumar1
, Dr.S.Meenakshi Sundaram2
, Mr.Ranjeet kumar3
1, 2, 3
Department of Computer Science and Engineering, Don Bosco Institute of Technology,
Kumbalagodu, Bangalore, India – 560074.
ABSTRACT
Cybercrime has grown voluminous pleats with veneration to the development of first-hand
technology. The flout towards cybercrime has become todays prime centric with developing
countries frugality as well. Nonetheless hefty figure of security and privacy available with
modern expertise; phishing, spam and email fraud are more equally exasperating. In this intellect
learning, the authors’ primary interest is to make a healthy charge on phishing, spam and email
fraud towards the wealthy personal information and realm. Official and business related
information needs added exhaustive sanctuary and discretion from the hackers to be on the top in
their one-to-one arena.
KEYWORDS
Cybercrime, Phishing, Spam, Email fraud, Security and Privacy, Intellect learning.
For More Details : http://airccse.org/journal/nsa/7515nsa03.pdf
Volume Link : http://airccse.org/journal/jnsa15_current.html

19. REFERENCES
[1] Andronicus A. Akinyelu and Aderemi O. Adewumi, (2014) “Classification of Phishing
Email Using Random Forest MachineLearning Technique”, Journal of Applied Mathematics,
Hindawi Publishing Corporation, Vol. 2014, Article ID 425731, 6 pages.
[2] Dhanalakshmi Ranganayaklu&Chellapan C, (2013) “Detecting malicious URLs in E-mail –
An Implementation”Proceedia of AASRI Conference on intelligent systems and control,
Elsevier, pp.125-131.
[3] Jagruti Patel, Sheetal Mehta, (2015) “A literature review on phishing email detection using
data mining”, International Journal of Engineering Sciences & Research Technology, Vol.
4(3), pp.46-53.
[4] M.Madhuri, K.Yeseswini, U.Vidya Sagar, (2013) “Intelligent phishing website detection
andPrevention system by using link guard algorithm” International Journal of
Communication Network Security, ISSN: 2231 – 1882, Vol. 2, Issue2, pp.9-16.
[5] Tzipora Halevi, James Lewis, Nasir Memon, (2013) “A Pilot Study of Cyber Security and
Privacy Related Behavior and Personality Traits” International World Wide Web
ConferenceCommittee (IW3C2), May 13–17, Rio de Janeiro, Brazil.ACM 978-1-4503-2038-
2/13/05.
[6] Jayshree Hajgude, Dr.Lata Ragha, (2013) “Performance Evaluation of Phish Mail Guard:
Phishing Mail Detection Technique by using Textual and URL analysis” Int. J. on Recent
Trends in Engineering and Technology, Vol. 8, No. 1, pp.23-29, ACEEE Publication.
[7] Ritika Arora, Neha Arora, (2014) “Phishing Attack Techniques”, International Journal of
Computer Science and Technology, Vol.5, Issue.4, pp.300-302.
[8] Amir Herzberg, Ahmad Jbara, (2006) “Security and Identification Indicators for
Browsersagainst Spoofing and Phishing Attacks”, manuscript is available as ePrint Archive:
Report 2004/155, at http://eprint.iacr.org/2004/155
[9] S.Arun, D.Anandan, T.Selvaprabhu, B.Sivakumar, P.Revathi, H.Shine, (2012) “Detecting
Phishing attacks inpurchasing process through proactive approach” Advanced Computing:
An International Journal (ACIJ), Vol.3, No.3, pp.81-93, DOI: 10.5121/acij.2012.3309.
[10] Yan Luo, (2010) “Workload characterization of spam emailfiltering systems”
International Journal of Network Security & Its Application (IJNSA), Vol.2, No.1, pp.22-4.
[11] Gaurav Ojha and Gaurav Kumar Tak, (2012) “A novel approach against e-mail
attacksderived from user-awareness basedtechniques” International Journal of Information

20. Technology Convergence and Services (IJITCS) Vol.2, No.4, pp.1-16, DOI:
10.5121/ijitcs.2012.2401.
[12] Srishti Gupta, Ponnurangam Kumaraguru, (2014) “Emerging Phishing Trends and
Effectiveness of theAnti-Phishing Landing Page” arXiv: 1406.3682v1 [cs.CY].
[13] Maher Aburrous,M.A. Hossain, Keshav Dahal, Fadi Thabtah (2010) “Associative
Classification Techniques for predicting e-Banking PhishingWebsites” MCIT, 978-1-4244-
7003-7/10© IEEE.
[14] Andre Bergholz, Jan De Beer, Sebastian Glahn,Marie-Francine Moens, Gerhard Paab and
Siehyun Strobel, (2010) “New filtering approaches for phishing email” Journal of Computer
Security,Vol.18, pp.7–35, DOI 10.3233/JCS-2010-037, IOS Press.
[15] Thamarai Subramaniam, Hamid A.Jalab and Alaa Y.Taqa, (2010) “Overview of textual
antispam filtering techniques” International Journal of the Physical Sciences, Vol. 5(12), pp.
1869-1882, Available online at http://www.academicjournals.org/IJPS ©2010 Academic
Journals.
[16] Cleber K. Olivoa, Altair O.Santina, Luiz S.Oliveirab, (2013) “Obtaining the threat model
for e-mail phishing” Applied Soft Computing, Vol. 13, pp. 4841–4848, Contents lists
available at ScienceDirect, 1568-4946 © Elsevier B.V. DOI:10.1016/j.asoc.2011.06.016.
[17] Nalin Asanka Gamagedara, Steve Love, Carsten Maple, (2013) “Can a Mobile Game
Teach Computer Users to Thwart Phishing Attacks?” International Journal for Infonomics
(IJI), Volume 6, Issues ¾, pp.720-730, http://www.infonomics-society.org/IJI
[18] Carine G. Webber, Maria de Fatima W. do Prado Lima, and Felipe S. Hepp, (2012)
“Testing Phishing Detection Criteria and Methods” Frontiers in Computer Education, AISC
133, pp. 853–858, © Springer-Verlag Berlin Heidelberg.
[19] Kamini (Simi) Bajaj and Josef Pieprzyk, (2014) “A Case Study of User-Level Spam
Filtering” Proceedings of the Twelfth Australasian Information Security Conference,
Auckland, New Zealand, pp.67-75.
[20] Satish.S, Suresh Babu.K, (2013) “Phishing websites detection based on web source code
and url in the webpage” International Journal of Computer Science and Engineering
Communications IJCSEC. Vol.1 Issue.1, pp.1-5, scientistlink.com.
[21] Tyler Moore and Richard Clayton, (2007) “Examining the Impact of Website Take-down
on Phishing” APWG eCrime Researchers Summit, Pittsburgh, PA, USA.
[22] Maher Aburrous, M.A.Hossain, Keshav Dahal, Fadi Thabtah, (2010) “Intelligent
phishing detection system for e-banking using fuzzy data mining” Expert Systems with

21. Applications, Vol.37, pp.7913– 7921, 0957-4174, Elsevier
Ltd,DOI:10.1016/j.eswa.2010.04.044
[23] A.S.Zadgaonkar, Suraj Prasad Keshari, Savita Ajay, (2013) “A Model for Identifying
Phishing EMail Based on Structural Properties” International Journal of Science and Modern
Engineering (IJISME)ISSN: 2319-6386, Volume-1, Issue-6, pp.71-74.
[24] Ali Darwish, Ahmed El Zarka and Fadi Aloul, (2013) “Towards Understanding Phishing
Victims' Profile” 978-1-4673-5157-7/13 © IEEE.
[25] Asani emmanuel oluwatobi, Aadegun adekanmi, (2014) “Maximum phish bait: towards
feature based detection of phising using maximum entropy classification technique”
International Conference on Science, Technology, Education, Arts, Management and Social
SciencesiSTEAMS Research Nexus Conference.
[26] Saeed Abu-Nimeh, Dario Nappa, Xinlei Wang, and Suku Nair, (2009) “Distributed
Phishing Detection by ApplyingVariable Selection using Bayesian AdditiveRegression
Trees” IEEE ICC 2009 proceedings,
http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=5198931978-1-4244-3435-0/09 ©
IEEE.
[27] Nirmala Suryavanshi, Anurag Jain, (2015) “A Review of Various Techniques for
Detection and Prevention for Phishing Attack” International Journal of Advanced Computer
Technology, Vol.4, No.3, pp.41-46.
[28] Niharika Vaishnaw, SRTandan (2015) “Development of Anti-Phishing Model
forClassification of Phishing E-mail” International Journal of Advanced Research in
Computer and Communication EngineeringVol. 4, Issue 6, pp.39-45, DOI
10.17148/IJARCCE.2015.4610.
[29] Niharika Vaishnaw, SRTandan (2011) “Architecture for the Detection of phishing in
MobileInternet” International Journal of Computer Science and Information Technologies,
Vol.2 (3), pp.1297-1299.
[30] Geerthik.S (2013) “Survey on Internet Spam: Classification and Analysis”
Int.J.Computer Technology & Applications,Vol 4 (3), pp.384-391,Available
online@www.ijcta.com.
[31] P.Rohini, K.Ramya (2014) “Phishing Email Filtering Techniques-A Survey”,
International Journal of Computer Trend and Technology, Vol.17, No.1, pp.18-21.
http://www.ijcttjournal.org
[32] Masoumeh Zareapoor, Seeja K.R (2015) “Feature Extraction or Feature Selection for
Text Classification: A Case Study on Phishing Email Detection”, I.J. Information

22. Engineering and Electronic Business, 2015, Vol.2, pp.60-65, Published Online March 2015
in MECS (http://www.mecs-press.org/)DOI: 10.5815/ijieeb.2015.02.08
[33] Ram B.Basnet, Andrew H.Sung, Quingzhong Liu (2014) “Learning to detect phishing
URLs”, International Journal of Research in Engineering and Technology, Vol.3 Issue.6,
pp.11-24, Available @ http://www.ijret.org
[34] R. Dhanalakshmi, C. Chellappan, Quingzhong Liu (2012) “Mitigating E-Mail Threats - A
Web Content BasedApplication”, Proceedings of the International MultiConference of
Engineers and Computer Scientists, Vol.1, IMECS’12, Hong Kong.
[35] R. Dhanalakshmi, C. Chellappan, Quingzhong Liu (2012) “Evolving Fuzzy Neural
Network for Phishing Emails Detection”, Journal of Computer Science 8 (7): pp.1099-1107,
ISSN 1549-3636©Science Publications.
[36] Goverdhan Reddy Jidiga, Dr.P Sammulal, (2013) “Machine learning approach to
anomaly detection incyber security with a case study of spamming attack”, International
Journal of Computer Engineering& Technology, Vol.4, Issue.3, May-June (2013), pp. 113-
122, © IAEME: www.iaeme.com/ijcet.asp
[37] Kurt Thomas, Chris Grier, Justin Ma, Vern Paxson, Dawn Song (2011) “Design and
Evaluation of a Real-Time URL Spam Filtering Service”, IEEE Symposium on Security and
Privacy, pp.447-462, 1081-6011/11© 2011 IEEE, DOI: 10.1109/SP.2011.25
[38] Steve Sheng, Mandy Holbrook, Ponnurangam Kumaraguru, Lorrie Cranor, Julie Downs
(2010) “Who Falls for Phish? A Demographic Analysis of PhishingSusceptibility and
Effectiveness of Interventions”, Atlanta, Georgia, USA.Copyright 2010 ACM 978-1-60558-
929-9/10/04.
[39] Yue Zhang, Jason Hong, Lorrie Cranor (2007) “CANTINA: A Content-Based Approach
toDetecting Phishing Web Sites”, International World Wide Web ConferenceCommittee,
May 8–12, 2007, Banff, Alberta, Canada, ACM 978-1-59593-654-7/07/0005
[40] Ram B.Basnet,Andrew H.Sung (2010) “Classifying Phishing Emails Using Confidence-
Weighted Linear Classifiers”, International Conference on Information Security and
Artificial Intelligence (ISAI 2010),978-1-4244-8870-4 /10 C IEEE, pp.108-112.
[41] Michalis Polychronakis, Panayiotis Mavrommatis, Niels Provos (2010) “Ghost turns
Zombie: Exploring the Life Cycle of Web-based Malware”,
https://www.usenix.org/legacy/event/leet08/tech/full_papers/polychronakis/polychronakis.pd
f
[42] JaeSeung Song and Andreas Kunz (2013) “Towards Standardized Prevention
ofUnsolicited Communications and PhishingAttacks”, Journal of ICT Standardization, Vol.
1, PP.109–122, River Publishers, DOI: 10.13052/jicts2245-800X .126.

23. [43] Bo Li and Yevgeniy (2010) “Feature Cross-Substitution in Adversarial
Classification”,http://vorobeychik.com/2014/sma.pdf
[44] Justin ma, Lawrence k.Saul, Stefan savage and Geoffrey M.Voelker(2011) “Towards
Standardiz Prevention of Unsolicited Communications and Phishing Attacks”, ACM
Transactions on Intelligent Systems and Technology, Vol.2, No.3, Article 30, ACM 2157-
6904/2011/04-ART30, http://doi.acm.org/10.1145/1961189.1961202
[45] Vishakha B.Pawar, Pritish A.Tijare (2014) “Phishing Email Detection Techniques: A
Review”, International Journal of Advance Research inComputer Science and Management
Studies, Vol.2, 277, Available online at: www.ijarcsms.com
[46] Noor Ghazi M.Jameel, Loay E.George (2013) “Detection Phishing Emails Using
Features Decisive Values”, International Journal of Advanced Research inComputer Science
and Software Engineering, Vol.3, Issue 7, pp.257-262, Available online at:
www.ijarcsse.com
[47] Hima Sampath Rao, SK Abdul Nabi (2014) “A novel approach for predictingphishing
websites using the mapreduce framework”, International Journal of Computer Science and
Mobile Computing, Vol.3, Issue 10, pp.505-510, Available Online at www.ijcsmc.com
[48] Mona Ghotaish Alkhozae, Omar Abdullah Batarfi (2011) “Phishing Websites Detection
based on Phishing Characteristics in the Webpage Source Code”, International Journal of
Information and Communication Technology Research, Vol.1, No.6, pp.283-291.
[49] Boateng,Priscilla Mateko Amanor (2014) “Phishing, SMiShing & Vishing: An
Assessment of Threats againstMobile Devices”, Journal of Emerging Trends in Computing
and Information Sciences, Vol.5, No.4, pp.297-307, Available Online at www.ijcsmc.com
[50] De Wang, Shamkant B. Navathe, Ling Liu, Danesh Irani, Acar Tamersoy, Calton Pu
(2014) “Click Traffic Analysis of Short URL Spam on Twitter”,
http://www.cc.gatech.edu/~atamerso/papers/wang_collaboratecom13.pdf
[51] Yan Yeung (2007) “A Learning Approach to Spam Detection bas SocialNetworks”,
CEAS 2007 - Fourth Conference on Email and Anti-Spam, August 2 2007, Mountain View,
California USA.
[52] Szde Yu (2011) “Email spam and the CAN-SPAM Act: A qualitative analysis”,
International Journal of Cyber Criminology, Vol. 5 Issue 1, Vol.1, No.6, pp.715-735.
[53] Shams Zawoad, Amit Kumar Dutta, Alan Sprague, Ragib Hasan, Jason Britt, and Gary
Warner Net: Investigating Phish Clusters Using Drop Email Addresses”,
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6805777

24. AUTHORS
Dr.P.S.Jagadesh Kumar, Professor in the Department of Computer Science
and Engineering, Don Bosco Institute of Technology, Bengaluru has 16 years
of teaching experience, including 6 year of research experience in the field of
received his B.E. degree from University of Madras in Electrical and
Electronics Engineering discipline in the year 1999. He obtained his M.E
degree in 2004 with specialization in Computer Science and Engineering from
Annamalai University Ph.D. from Anna University, Chennai.
Dr.S.Meenakshi Sundaram is working as Professor and Head in the
Department of Computer Science and Engineering at India. He obtained
Bachelor Degree in Computer Science and Engineering from Bharathidasan
University in 1989. He obtained his M.Tech from National Institute of
Technology, Tiruchirappalli in 2006 and Ph.D. in Computer Science &
Engineering from Anna University Chennai in 2014. He has presented 3 papers
in International Conferences and published 17 papers in International Journals.
Mr.Ranjeet Kumar is working as an Associate Professor in the Department of
Computer Science & Engineering at Don Bosco Institute of Technology,
Bengaluru 560074. He has completed Bachelor of engineering in electrical &
electronics engineering from Kuvempu University, Shimoga, Karnataka in
2001. He has also completed his Master of Technology in Computer Science &
Engineering from Visveswaraya Technological University, Belgaum,
Karnataka in 2010.

25. ARCHITECTURE FOR INTRUSION DETECTION SYSTEM WITH FAULT TOLERANCE
USING MOBILE AGENT
Chintan Bhatt1
, Asha Koshti2
,Hemant Agrawal3
, Zakiya Malek4
, Dr Bhushan Trivedi5
MCA Dept.,GLS Institute of Computer Technology, Ahmedabad, India
ABSTRACT
This paper is a survey of the work, done for making an IDS fault tolerant. Architecture of IDS
that uses mobile Agent provides higher scalability. Mobile Agent uses Platform for detecting
Intrusions using filter Agent, co-relater agent, Interpreter agent and rule database. When server
(IDS Monitor) goes down, other hosts based on priority takes Ownership. This architecture uses
decentralized collection and analysis for identifying Intrusion. Rule sets are fed based on user-
behaviour or application behaviour. This paper suggests that intrusion detection system (IDS)
must be fault tolerant; otherwise, the intruder may first subvert the IDS then attack the target
system at will.
KEYWORDS
Fault tolerance, Mobile Agent, Intrusion Detection System
For More Details : http://airccse.org/journal/nsa/0911nsa13.pdf
Volume Link : http://airccse.org/journal/jnsa11_current.html

26. REFERENCES
[1] Lange, D., Oshima, M. 1998. Programming and Deploying Java Mobile Agents with Aglets .
Addison-Wesley.
[2] Rothermel, K., Schwehm, M. 1998. Mobile Agents . In Kent, A., Williams, J. (Editors)
Encyclopedia for Computer Science and Technology . M. Dekker Inc. New York, USA
[3] Jansen, W. 1999. Mobile agents and security. In Proceedings of the 1999 Canadian
Information Technology Security Symposium .
[4] Jansen, W. 2002. Intrusion detection with mobile agents. Computer Communications ,
25(15): 1392-1401.
[5] Jansen, W., Karygiannis, T. 1999. Mobile agent security. Special Publication 800 19,
National Institute of Standards and Technology (NIST).
[6] Jansen, W., Mell, P., Karygiannis, T., Marks, D. 1999. Applying mobile agents to intrusion
detection and response. Interim Report 6416, National Institute of Standards and Technology
(NIST)
[7] Intelligent Agents for Distributed Intrusion Detection System M. Benattou, and K. Tamine
World Academy of Science, Engineering and Technology 6 2005
[8] Intrusion Detection & Prevention by Carl Endorf, Eugene Schultz and Jim Mellander
ISBN:0072229543 TMH pub.
[9] INTELLIGENT INTRUSION DETECTION SYSTEM FRAMEWORK USING MOBILE
AGENTS International Journal of Network Security & Its Applications (IJNSA), Vol 1, No 2,
July 2009
[10] DIDMA: A Distributed Intrusion Detection System Using Mobile Agents Pradeep
Kannadiga and Mohammad Zulkernine School of Computing Queen’s University Proceedings of
the Sixth International Conference on Software Engineering, Artificial Intelligence, Networking
and Parallel/Distributed Computing and First ACIS International Workshop on Self-Assembling
Wireless Networks (SNPD/SAWN’05) 0-7695-2294-7/05 © 2005 IEEE
[11] Applying Mobile Agents to Intrusion Detection and Response Wayne Jansen, Peter Mell,
Tom Karygiannis, Don Marks National Institute of Standards and Technology Computer
Security Division NIST Interim Report (IR) – 6416 October 1999
[12] An Architecture for Intrusion Detection using Autonomous Agents Jai Sundar
Balasubramaniyan, Jose Omar Garcia-Fernandez,DavidIsaco, Eugene Spafford, Diego Zamboniy
Center for Education and Research in Information Assurance and Security Purdue University
CERIAS Technical Report 98/05 June 11, 1998

27. [13] A New Mobile Agent-Based Intrusion Detection System Using Distributed Sensors
Mohamad Eid American University of Beirut, Department of Electrical and Computer
Engineering
[14] Snort website: www.snort.org
AUTHORS
Chintan Bhatt
MCA, SEM-5 Student GLSICT, Ahmedabad , India
Research Area :- Network Security
Asha Koshti
MCA, SEM-5 Student GLSICT, Ahmedabad , India
Research Area :- Network Security
Hemant Agrwal
MCA, SEM-5 Student GLSICT, Ahmedabad , India
Research Area :- Network Security
Zakiya Malek
Assistant Professor, GLSICT, Ahmedabad , India
Research Area :- Network Security
Dr. Bhushan Trivedi
Ditrector, GLSICT, Ahmedabad , India
Research Area :- Network Security

28. IOT AND SECURITY-PRIVACY CONCERNS: A SYSTEMATIC MAPPING STUDY
Moussa WITTI and Dimitri KONSTANTAS
Information Science Institute University of Geneva Route de Drize 7, 1227 Carouge, Switzerland
ABSTRACT
The increase of smart devices has accelerated sensitive data exchange on the Internet using most
of the time unsecured channels. Since a massive use of RFID (Radio-frequency Identification)
tags in the transportation and construction industries from 1980 to 1990, with the expanded use
of the Internet with 2G/3G or 4G since 2000, we are witnessing a new era of connected objects.
A huge number of heterogeneous sensors may collect and dispatch sensitive data from an
endpoint to worldwide network on the Internet. Privacy concerns in IOT remain important issues
in the research. In this paper, we aim to evaluate current research state related to privacy and
security in IOT by identifying existing approaches and publications trends. Therefore, we have
conducted a systematic mapping study using automated searches from selected relevant
academics databases. The result of this mapping highlights research type and contribution in
different facets and research activities trends in the topic of “security and privacy” in IoT edge,
cloud and fog environment.
KEYWORDS
Internet of Thing, privacy, security, the mapping study
For More Details : http://aircconline.com/ijnsa/V10N6/10618ijnsa03.pdf
Volume Link : http://airccse.org/journal/jnsa18_current.html

29. REFERENCES
[1] Aaditya Jain, B. S. (2016, April). Internet of Things: Architecture, security goals, and
challenges. International Journal Innovative Research in Science & Engineering (IJIRSE),
Vol.No2:Issue4.
[2] Alfaqih, T. M., & Al-Muhtadi, J. (2016). Internet of Things Security based on Devices
Architecture. International Journal of Computer Applications.
[3] Athreya, A. P., DeBruhl, B., & Tague, P. (2013). Designing for self-configuration and
selfadaptation in the “internet of things" in Collaborative Computing: Networking Applications
and Worksharing. 9th International Conference Collaboratecom, (pp. 585-592).
[4] Bagozzi, R. Y. (1991). Assessing Construct Validity in Organizational Research.
Administrative Science Quarterly (36:3), pp 421-458.
[5] Bouij-Pasquier Imane, A. A. (2015). A Security Framework for Internet of Things. 14 th
International conference, CANS 2015, , (pp. 19-31 Volume 9476 of the series Lecture Notes in
Computer Science). Marrakesh.
[6] Burnett L., K. B.-S. (Volume 10, Issue 4, May 2003). The GeneTrustee: a universal
identification system that ensures privacy and confidentiality for human genetic databases.
Journal of law and medicine, 506-513.
[7] Cavalcante E. et al. (2016). On the interplay of Internet of Things and Cloud Computing: A
systematic mapping study. Computer Communications Volumes 89-90, Pages 17-33.
[8] Charu C. Aggarwal; Philip S. Yu, eds. (2008). "A General Survey of Privacy". Privacy-
Preserving Data Mining – Models and Algorithms
[9] Ding Chao, L. Y. (2011). Security Architecture and Key Technologies for IoT/CPS. ZTE
Communication, 17(1):11-16.
[10] Erez Shmueli, T. Z. (2014). Constrained obfuscation of relational databases. Information
Sciences, Volume 286, 35.
[11] Gang G., L. Z. (2011). "Internet of things security analysis," in Internet Technology and
Applications (iTAP), 2011 International Conference on, 1-4.
[12] Gregor, S. (2006). The Nature of Theory in Information Systems. MIS Quarterly (30:3),
611-642.
[13] Hernandez-Ramos JosAľ L., J. B. (2015). Preserving Smart Objects Privacy through
Anonymous. Sensors - Open Access Journal.

30. [14] Hevner, A. M. (2004). Design Science in Information Systems Research. MIS Quarterly
(28:1), 75-105.
[15] JianQiang Li, J.-J. Y. (2013). A top-down approach for approximate data anonymisation.
Enterprise Information Systems, 272.
[16] Junqing Le, X. L. (2016). Full Autonomy: A Novel Individualized Anonymity Model for
Privacy Preserving. Computers & Security.
[17] Kocher, P. L. (2004). Security as a new dimension in embedded. In: Proceedings of the 41st
Annual Design Automation Conference, DAC 2004, San Diego, CA, USA, June 7-11 (pp. 753-
760). New York: ACM.
[18] Liu C., Y. Z. (2012). Research on Dynamical Security Risk Assessment for the Internet of
Things inspired by immunology, in Eighth International Conference on Natural Computation
(ICNC).
[19] Leusse P, P. P. (2009). Security Cell, a security model for the Internet of Things and
Services. International Conference on in Advances in Future Internet, (pp. 47-52).
[20] Loukil F., Ghedira C., Aïcha-Nabila B., Boukadi K., Maamar Z. Privacy-Aware in the IoT
Applications: A Systematic Literature Review. International Conference on Cooperative
Information Systems (CoopIS) 2017. Proceedings, Part I. Lecture Notes in Computer Science
10573, Springer 2017, ISBN 978-3-319-69461-0, Oct 2017, Rhodes, Greece.
[21] Mingqiang Xue, P. P. (2011). Distributed privacy preserving data collection. In Proceedings
of the 16th international conference on Database systems for advanced applications.
[22] Ninghui Li, Tiancheng Li, and Suresh Venkatasubramanian "t-Closeness: Privacy Beyond
kAnonymity and l-Diversity," 2007 IEEE 23rd International Conference on Data Engineering,
Istanbul, 2007, pp. 106-115.
[23] Pan Yang, X. G. (2013). A Privacy-Preserving Data Obfuscation Scheme Used in Data
Statistics and Data Mining. IEEE 10th International Conference on High Performance
Computing and Communications & 2013 IEEE International Conference on Embedded and
Ubiquitous Computing,(p. 881).
[24] Pierangela Samarati and L. Sweeney. k-anonymity: a model for protecting privacy.
Proceedings of the IEEE Symposium on Research in Security and Privacy (S&P). May 1998,
Oakland, CA.
[25] Kai Petersen, Robert Feldt, Shahid Mujtaba, and Michael Mattsson. 2008. Systematic
mapping studies in software engineering. In Proceedings of the 12th international conference on
Evaluation and Assessment in Software Engineering (EASE’08), Giuseppe Visaggio, Maria
Teresa Baldassarre, Steve Linkman, and Mark Turner (Eds.). BCS Learning & Development
Ltd., Swindon, UK, 68-77.

31. [26] Philipp Offermann, O. L. (2009). Outline of a design science research process. In
Proceedings of the 4th International Conference on Design Science Research in Information
Systems and Technology (DESRIST ’09).
[27] Ricardo Neisse, G. S. (2015). A Model-based Security Toolkit for the Internet of Things.
ScienceDirect.
[28] Robert Bredereck, A. N. (2014). The effect of homogeneity on the computational
complexity of combinatorial data anonymization. Data Mining and Knowledge Discovery,
Volume 28, Number 1,65.
[29] Samani A., H. H. (2015). Privacy in Internet of Things: A Model and Protection
Framework. The 6th International Conference on Ambient Systems, Networks and Technologies
(ANT-2015), the 5th
International Conference on Sustainable Energy Information Technology
(SEIT-2015) (pp. Volume 52, 2015, Pages 606-613). Procedia Computer Science.
[30] Shmatikov, J. B. (2006). Efficient anonymity-preserving data collection. In Proceedings of
the 12th
ACM SIGKDD international conference on Knowledge discovery and data mining
(KDD ’06).ACM, New York, NY, USA, (pp. 76-85).
[31] Syazarin, N., Aziz, N. A., Daud, S. M., & Syarif, S. A. (2017). An Overview on Security
Features or Internet of Things (IoT) in Perception Layer. Journal of Engineering and Applied
Sciences.
[32] Usha P., R. S. (2014). Sensitive attribute based non-homogeneous anonymization for
privacy preserving data mining. International Conference on Information Communication and
Embedded Systems (ICICES2014), 1.
[33] Venable, J. (2006). The Role of Theory and Theorising in Design Science Research. First
International Conference on Design Science Research in Information Systems and Technology,
(pp.1-18). Claremont, CA: Claremont Graduate University.
[34] Xiao L, H. B. (2010). A knowledgeable security model for distributed health information
systems. Computers & Security., (pp. 331-349).
[35] Xin Ma, Q. H. (2010). Study on the Applications of Internet of Things in the Field of Public
Safety. China Safety Science Journal, 20(007):170-176.
[36] Yunjung Lee, Y. P. (2015). "Security Threats Analysis and Considerations for Internet of
Things". 2015 8th International Conference on Security Technology (SecTech), (pp. vol. 00, no.
, pp. 28- 30).
[37] ZhangW., B. Q. (2013). Security Architecture of the Internet of Things Oriented to
Perceptual Layer. in International Journal on Computer, Consumer and Control (IJ3C), Volume
2, No.2.

32. [38] Zhiqiang Yang, S. Z. (2005). Anonymity-preserving data collection. In Proceedings of the
eleventh ACM SIGKDD international conference on Knowledge discovery in data mining (KDD
’05). ACM,New York, NY, USA, (pp. 334-343).
AUTHORS
Moussa WITTI is a consulting engineer and IT architect in the R&D. He is
advising bank and insurance firms in content and data management. He has
more than 13 years of IT application development and deployment experience.
He has obtained an MBA from Toulouse Business School and master
Research in Computer Science from university of Franche-Comté in Besançon
(FRANCE).
Dimitri KONSTANTAS is Professor at the University of Geneva (CH) and
director of the . He has been active since 1987 in research in the areas of
Object Oriented systems, agent technologies, and mobile health systems, with
numerous publications in international conferences and journals. His current
interests are Mobile Services and Applications with special focus in the well-
being services for elderly and information security. Professor D. Konstantas
has a long participation in European research and industrial projects and is
consultant and expert to several European companies and governments.