Forthcoming and Online First Articles

International Journal of Information and Computer Security

International Journal of Information and Computer Security (IJICS)

Forthcoming articles have been peer-reviewed and accepted for publication but are pending final changes, are not yet published and may not appear here in their final order of publication until they are assigned to issues. Therefore, the content conforms to our standards but the presentation (e.g. typesetting and proof-reading) is not necessarily up to the Inderscience standard. Additionally, titles, authors, abstracts and keywords may change before publication. Articles will not be published until the final proofs are validated by their authors.

Forthcoming articles must be purchased for the purposes of research, teaching and private study only. These articles can be cited using the expression "in press". For example: Smith, J. (in press). Article Title. Journal Title.

Articles marked with this shopping trolley icon are available for purchase - click on the icon to send an email request to purchase.

Online First articles are published online here, before they appear in a journal issue. Online First articles are fully citeable, complete with a DOI. They can be cited, read, and downloaded. Online First articles are published as Open Access (OA) articles to make the latest research available as early as possible.

Open AccessArticles marked with this Open Access icon are Online First articles. They are freely available and openly accessible to all without any restriction except the ones stated in their respective CC licenses.

Register for our alerting service, which notifies you by email when new issues are published online.

International Journal of Information and Computer Security (25 papers in press)

Regular Issues

  • Post-Quantum zk-SNARKs from QAPs   Order a copy of this article
    by Ken Naganuma, Masayuki Yoshino, Noboru Kunihiro, Atsuo Inoue, Yukinori Matsuoka, Mineaki Okazaki 
    Abstract: In recent years, the zero-knowledge proof and zero-knowledge succinct non-interactive argument of knowledge (zk-SNARK) have drawn significant attention as privacy-enhancing technologies in various domains, especially the cryptocurrency industry and verifiable computations. rnA post-quantum designated verifier type zk-SNARK for Boolean circuits was proposed by Gennaro et al. in ACM CCS '18. However, this scheme does not include arithmetic circuits. Furthermore, it is difficult to use it in various applications. Their paper described the construction of a post-quantum designated verifier zk-SNARK for arithmetic circuits from quadratic arithmetic programs (QAPs) as an open problem. rnRecently, Nitulescu proposed a post-quantum designated verifier zk-SNARK for arithmetic circuits using square arithmetic programs (SAPs), which are the special cases of QAPs. rnIn this paper, we give other answers to this problem and propose rntwo post-quantum designated verifier zk-SNARK schemes for arithmetic circuits using QAPs. Our first proposal is based on the data structure used in Pinocchio, a previous study, and can be easily implemented using the existing Pinocchio-based systems. Furthermore, this scheme does not require strong security assumptions. rnIn our second proposal, which also employs QAPs, the zero-knowledge proof comprises three learning with errors (LWE) ciphertexts, and the size of the proof is smaller compared with that of the first proposal. Our second proposal is also more efficient than the first one or all other known post-quantum zk-SNARKs. rnWe implemented our proposed schemes and other known schemes using the libsnark library. Our experimental results show that the second scheme is faster than the previous post-quantum zk-SNARK schemes. rnThe second scheme can generate a zero-knowledge proof for an arithmetic circuit that comprises $2^{16}$ gates in a processing time of only 50 s, which is approximately three times faster than that of the post-quantum zk-SNARKs by Gennaro et al. or two times faster than the one by Nitulescu.
    Keywords: Zero-knowledge proof; zk-SNARKs; LWE encryption; Blockchain technology; Post-quantum cryptography.

  • Contrast Enhancement in Probabilistic Visual Cryptography Schemes: A Pixel-Count based Approach   Order a copy of this article
    by Jisha T. E, Thomas Monoth 
    Abstract: The concerns with pixel expansion are eliminated by the introduction of size-invariant visual cryptography techniques. In the field of visual cryptography, the contrast of the decrypted image continues to be a hurdle. The two existing schemes in visual cryptography are the perfect reconstruction of black pixels and the perfect reconstruction of white pixels. In the current study, we introduce a size-invariant probabilistic technique, where the contrast of the deciphered image depends on the chosen scheme. Which scheme is employed depends on the total amount of black and white pixels in the covert image. Here, we’ve described the development and effectiveness of non-expanded probabilistic visual cryptography schemes with the perfect reconstruction of both black and white pixels that were based on several research studies. These schemes include (2, 2), (2, n), (n, n) and (k, n). We analysed the data using tables and charts to demonstrate the effectiveness of the suggested model, and we discovered that the projected models enhanced the contrast.
    Keywords: probabilistic; size-invariant; black and white pixels; visual quality; visual cryptography scheme.
    DOI: 10.1504/IJICS.2024.10064753
     
  • Cryptanalysis and Improvement of a Secure Communication Protocol for Smart Healthcare System   Order a copy of this article
    by Devender Kumar, Deepak Kumar Sharma, Parth Jain, Sumit Bhati, Amit Kumar 
    Abstract: There are many applications based on wireless technology and cloud computing in various fields. One such field that uses this technology is telemedicine or mobile healthcare. But with an increase in usage, these systems should be protected efficiently. Security is the greatest concern in this field. Recently, Sureshkumar et al. have proposed a protocol for a smart healthcare system, which uses 3-factor authentication. Here we cryptanalyze their scheme and find that it cannot withstand against the user impersonation attack, denial of service attack, privileged insider attack and gateway impersonation. To overcome these weaknesses, we propose an authentication protocol for smart healthcare system. To validate our claim, we use the ProVerif tool for formal security verification and compare our protocol with some related schemes. We also show that the proposed protocol is more secure and efficient than the related schemes.
    Keywords: User authentication; healthcare systems; denial of service attack; user impersonation attack; session key agreement; insider attack; sensor node.
    DOI: 10.1504/IJICS.2024.10064755
     
  • Blockchain-Based Composite Access Control and Secret Sharing Based Data Distribution for Security-Aware Deployments   Order a copy of this article
    by Kalyani Pampattiwar, Pallavi Chavan 
    Abstract: Securing cloud deployments includes patching and processing data from all input end-points that causes abnormal functioning and intrusions To incorporate security measures into cloud installations, many security models uses single or dual control mechanisms Cloud deployments are built on static rules, limiting their scalability to certain attack scenarios To address these limitations, this article presents a novel blockchain-based composite access control and secret sharing-based data distribution architecture for security-aware deployments The proposed model splits and merges sidechains using a Modified Genetic Algorithm Quality of Service awareness with federated deep learning improves model’s performance This approach combines swarm intelligence with secret sharing and provides dynamic as well as efficient data distribution in the cloud The model helps to mitigate Distributed Denial of Service, Finney, Man in the Middle, Sybil network attacks, SQL injection and query-based attacks The model’s Quality of Service performance is monitored and compared against state-of-the-art models.
    Keywords: Blockchain; Authentication; Access Control; Secret Sharing; Swarm intelligence; Federated Learning; Cloud; Genetic Algorithm; Quality of Service; Security.
    DOI: 10.1504/IJICS.2024.10064756
     
  • IDMS Quantum Password-Authenticated Key Exchange Protocols   Order a copy of this article
    by Lu Zhang, Yan Sun, Yingfei Xu, Hongfeng Zhu 
    Abstract: In this paper, we design an ID-based M-server quantum password-authenticated key exchange scheme, where the client computes a strong key from its password and splits the key into m portions, and then encrypts them and sends them to m servers to be used as the basis for encryption and decryption in the subsequent key exchange process. The adoption of multiple servers can effectively prevent third-party attacks on the server and ensure the security of the key information, which is just like a complex secret sharing mechanism in traditional computational cryptography, for example, secret sharing (m, n) threshold scheme, but our new quantum fusion technology to realise the secret sharing mechanism is more efficient and simpler. Finally, through analysis, our scheme can meet most of the security requirements and perform well. It is feasible to implement the protocol under the existing quantum technology.
    Keywords: quantum technology; password-authenticated key exchange; secret sharing; multiple servers.
    DOI: 10.1504/IJICS.2024.10064758
     
  • The APT Family Classification System Based on APT Call Sequences and Attention Mechanism   Order a copy of this article
    by Zeng Shou, Yue-bin Di, Xiao Ma, Rui-chao Xu, He-qiu Chai, Long Yin 
    Abstract: Among the many cyber attack activities, Advanced Persistent Threat (APT) has caused more serious impact on enterprises, and the malware used by hacker groups is also very complex, which poses a great obstacle to analyze and trace the source However, malware used by the same hacker group is internally correlated, and there are differences in malware between different hacker groups Currently, deep learning has achieved results in many fields, and its application in the security field is becoming more and more widespread In this paper, we design an APT family classification system based on API call sequences, which extracts API call sequences from malware and uses a one-dimensional convolutional neural network with attention mechanism for classification The system is tested on a test dataset of 12 different families of 12 different families of malware, and the test results show that the system has high accuracy as well as practicality.
    Keywords: APT; Dynamic Analysis; Convolutional Neural Network.
    DOI: 10.1504/IJICS.2024.10064759
     
  • A User Transaction Privacy Protection Protocol Supporting Regulations on Account Based Blockchain   Order a copy of this article
    by Nan Wang, Yuqin Luo, Hao Liu, Haibo Tian 
    Abstract: Financial institutions using blockchain smart contracts need to adhere to real-world regulations. Data on blockchain is easily accessible, so privacy protection is crucial. Our goal is to introduce an efficient protocol that satisfies both user privacy protection and hierarchical regulatory requirements, without the need for zero-knowledge proofs. To achieve this, we've developed two innovative design strategies. Firstly, we envision financial institutions serving as transaction mixers for their users. This approach offers an additional layer of privacy by obfuscating the source of each transaction. Secondly, we depend on regulatory agencies to oversee the compliance of blockchain transactions. This ensures that our protocol aligns with regulatory requirements while maintaining user privacy. The resulting protocol offers superior privacy protection for user transactions, with provable security and computational efficiency.
    Keywords: Privacy Protection; User Transaction; Hierarchical Supervision; Transaction Mixer; Financial Institution; Regulatory Agency.
    DOI: 10.1504/IJICS.2024.10065235
     
  • A blended approach of static binary mining and exploratory data analysis to obtain the security posture of embedded systems firmware   Order a copy of this article
    by Mahesh Patil, Shailaja C. Patil 
    Abstract: In the era of connected embedded systems, devices are often targeted by sophisticated cyber-attacks. The entry point for these attacks is more often through firmware and hence analysing its security is vital. This research presents an innovative method for evaluating the security posture of firmware by examining its binary constituents. The approach combines static binary mining techniques with exploratory data analysis to visually depict the security posture of firmware. This aids in providing a comprehensive perspective of its weaknesses and strengths. To validate the effectiveness of the proposed approach and methodology, an in-depth security analysis is carried out on five real world firmware samples. The selection of these firmware samples encompasses a wide range of devices and applications, thereby assuring the broad relevance of the findings. The results demonstrate the efficacy of this technique in revealing and visually representing different firmware security characteristics, such as the firmware attack surface, the effectiveness of binary protection mechanisms, and the overall security resilience. The methodology is implemented as an open source tool named fw2ai, which automates the security analysis serving the needs of both security researchers and practitioners.
    Keywords: binary analysis; embedded systems; exploratory data analyses; firmware security posture; internet of things; IoT.
    DOI: 10.1504/IJICS.2024.10065236
     
  • A Lattice-Based CP-ABE Scheme with Immediate Attribute Revocation   Order a copy of this article
    by Miao He, Nurmamat Helil 
    Abstract: Ciphertext-policy attribute-based encryption (CP-ABE) is suitable for providing secure data-sharing services in the cloud storage scenario. However, attribute revocation in CP-ABE is a sticky issue. The research achievement on quantum computing makes the traditional CP-ABE no longer secure. Fortunately, lattice-based CP-ABE can resist quantum attacks. This paper proposes a lattice-based CP-ABE scheme with a tree access structure that supports the immediate revocation of attributes. This scheme is resistant to quantum and collusion attacks and has a shorter ciphertext size, reducing the computational overhead of ciphertext re-encryption in the attribute revocation process. Finally, it is shown that, under the standard model, the scheme is proven secure against chosen-plaintext attacks (CPA), and its security can be attributed to the learning with errors (LWE) difficulty problem.
    Keywords: Lattice-Cryptography; CP-ABE; Attribute Revocation; Collusion Attacks; LWE.
    DOI: 10.1504/IJICS.2024.10065237
     
  • Method for Botnet Detection with small Labeled Samples Based on Graph Neural Network   Order a copy of this article
    by Junjing Zhu, Honggang Lin 
    Abstract: Deep learning-based botnet detection techniques need to be trained using a large number of labelled samples, which is incompatible with the current environment where botnets occur in short cycles and mutate quickly. Therefore, we propose a PAR-BD method based on graph neural networks. Using an autoregressive method to generate interdependent host nodes and communication edges, we pre-train the graph neural network; using the pre-trained model to initialise the detection model and using a small number of labelled botnet samples to train the model, to improve the accuracy of botnet detection under small samples. The experimental results show that when using this method for botnet detection with few labelled samples, the results are better than graph node classification method, few nodes classification method, and few labelled graph node classification method.
    Keywords: botnet; botnet detection; small labelled sample detection; pre-training; self-supervised learning.
    DOI: 10.1504/IJICS.2024.10065734
     
  • An Ensemble Classification Model for Improved Performance of Phishing Detection System   Order a copy of this article
    by Moumita Sahoo, Sabyasachi Samanta, Soumen Ghosh 
    Abstract: Individuals and organisations are at risk of money losses and data compromise from phishing attempts. Traditional rule-based phishing detection methods fail to keep up with attacker strategies. The need for more advanced and adaptive phishing defences is growing. An ensemble classification model for phishing detection system is proposed to address this difficulty. We analysed a large dataset of known phishing assaults to identify common patterns and traits. Initially, the raw phishing data have pre-processed using quantile transformation to convert variable’s distribution to normal distribution and to mitigate the impact of outliers. The proposed ensemble prediction model has segregated phishing e-mails, webpages, and other dangerous information. The classifier’s performance is enhanced further by employing the random search approach to tweak a set of carefully chosen hyper-parameters. When compared to other state-of-the-art methodologies, our system’s results have achieved competitive performance. Thus, the suggested model is a promising ensemble-based phishing detection solution.
    Keywords: cyber security; phishing; data breaches; quantile transformation; random forest ensemble classifier; RFEC; hyper-parameter tuning; cross-fold validation.
    DOI: 10.1504/IJICS.2024.10065735
     
  • An efficient Cyberbullying detection framework on Social Media Platforms using a hybrid Deep Learning model   Order a copy of this article
    by Geetha R, Belshia Jebamalar, Darshan Vignesh B. G, Kamalanaban E, Srinath Doss 
    Abstract: People in social media are more vulnerable to the negative effects and the most serious consequences of utilising social media is cyberbullying. Cyberbullying is an offensive and deliberate act perpetrated online by a particular individual or an organisational structure. It is brought about by sending, publishing, and disseminating offensive, dangerous, and misleading information online. As cyberbullying becomes increasingly prevalent in social media, automatically detecting it and taking proactive steps to address it becomes critical. Humiliation of an individual in social media causes psychological disturbance in one’s life, in order to have a safe and secure platform. A hybrid deep learning model has been used that combines convolutional neural network (CNN) and long short-term memory (LSTM) to detect cyberbullying more precisely and effectively in this paper. Using convolutional layers and max-pooling layers, the CNN model recovers higher level features efficiently. Long-term dependencies between word sequences can be captured using the LSTM model. The findings reveal that in terms of accuracy, the presented hybrid CNN-LSTM Model performs better than standard approaches for machine learning and deep learning.
    Keywords: cyberbullying; security; convolutional neural network; CNN; long short-term memory; LSTM; max-pooling.
    DOI: 10.1504/IJICS.2024.10066295
     
  • A Collision Proof Energy Efficient Lightweight Hybrid Cryptosystem for Fog   Order a copy of this article
    by Sandeep Kumar, Ritu Garg 
    Abstract: Fog computing extends cloud capabilities to the network edge, aiding IoT and users. It mitigates cloud issues like latency and reliability. However, fog’s limited resources pose security vulnerabilities like data theft and unauthorised access. To tackle this, we proposed a lightweight, energy-efficient hybrid cryptosystem with dynamic key changes. This optimises fog node energy usage and the proposed security system is collision proof and uses proportional offloading to ensure the delivery of subscribed data to fog/cloud. We have utilised chosen-ciphertext attribute-based encryption scheme to produce the keys and principles of ECC-Elgamal are considered for encryption/decryption of data. Finally, the performance evaluation and security attacks analysis depicts that our security system performs better in terms of optimal energy utilisation, overall computation overhead as well as mitigating the attacks in contrast with other state of art methodologies.
    Keywords: fog computing; elliptic curve cryptography; ECC; CP-ABE; dynamic key change; attacks; access control.
    DOI: 10.1504/IJICS.2024.10066296
     
  • Common key multi-hop packet authentication protocol for Wireless Mesh Networks   Order a copy of this article
    by Vanlalhruaia Chhakchhuak, Ajoy Kumar Khan, Amit Kumar Roy 
    Abstract: To achieve security with efficiency in wireless mesh networks (WMNs) is an important issue due to its distributed nature and absence of centralised authority. Due to the absence of central authority, the authentication becomes a challenging task in WMNs. Several attacks could be easily launched in WMNs such as replay attack and impersonation attack. These types of attacks could be launched by an intruders by injecting malicious packets throughout the network among mesh entities. Therefore to overcome from such attacks, we had proposed an efficient multi-hop packet authentication protocol known as
    Keywords: WMNs Architecture; Attack types; Packet authentication; Data Integration; Diffie-Hellman.
    DOI: 10.1504/IJICS.2024.10066297
     
  • An Efficient Block Cipher Based on Multiple Optimal Quasigroups   Order a copy of this article
    by Umesh Kumar, V. Ch. Venkaiah 
    Abstract: An efficient block cipher that uses 16 optimal quasigroups is proposed in this paper. All the 16 optimal quasigroups are created using the 16 optimal S-boxes of 4x4 bits with the lowest differential and linearity characteristics. These S-boxes are secure against differential and linear attacks. The new block cipher is implemented in C++, compared its performance with the existing quasigroup based block ciphers, and found that the proposed cipher is more efficient than existing quasigroup based proposals. The proposed cipher is analyzed against various attacks including differential and linear attacks and we found it to be resistant to these attacks. Also, we evaluated our cipher using various statistical tests of the NIST-STS test suite, and we found it to pass each of these tests. We also established in this study that the randomness of our cipher is almost the same as that of the AES-128.
    Keywords: AES-128; Cryptography; Block cipher; Latin square; NIST-STS; Optimal quasigroup.
    DOI: 10.1504/IJICS.2024.10066298
     
  • Entropy Dragon Fly Optimization (EDFOA) Based Cluster Head Selection and Deep Learning Clone Node Detection (DLCND) For Wireless Sensor Network (WSN)   Order a copy of this article
    by K.JANE NITHYA, SHYAMALA KANNAN 
    Abstract: In a network with no fixed infrastructure, a wireless sensor network comprises mobile nodes that communicate with one another using wireless networks. Node clone attacks can exploit WSN. Attackers take control of one sensor node, create numerous copies with the same identity (ID), and spread these copies throughout the network. Clones appear authentic since they have all the credentials of a real member. The clustering of WSN nodes, a fundamental process, aims to achieve load balancing and prolonged network lifetime. This study created the energy efficient sleep awake aware protocol, which improves energy efficiency and chooses the appropriate CH based on node energy. The volume of data and distance between nodes and the base station determine WSN energy efficiency. The dragonfly optimisation technique boosts network performance. Deep learning clone node detection has been introduced to identify WSN clones. Clone identification is essential for preventing cloning assaults. A cheap identity verification approach can find clones locally and globally. Final validation of the suggested approach is done extensively with network simulator 2. (NS2). After the performance analysis, the scheme’s effectiveness is assessed by comparing planned and present methods.
    Keywords: clone attack; energy efficient sleep awake aware; EESAA; entropy dragonfly optimisation; EDFO; deep learning clone node detection; DLCND; wireless sensor network; WSN; quality of service.
    DOI: 10.1504/IJICS.2024.10067449
     
  • Optimizing the detection of Metamorphic Malwares using ensemble learning technique   Order a copy of this article
    by Vinay Kumar, Abhishek Vaish 
    Abstract: Metamorphic malware is a significant challenge for traditional malware detection techniques, as it continuously changes its code to evade its detection. The behavior-based approach involves analyzing the behavior of malware rather than its code. By monitoring the system’s behavior, it is possible to detect malicious activity that may be associated with malware. We have proposed API call-based technique to detect metamorphic malware. Our approach involves finding the top 30 malicious API calls having the highest probability score based on extra trees classifier and identifying patterns of malicious API calls that indicate malicious behavior. This paper presents an API call-based detection technique and proposes a novel approach based on ensemble learning techniques. The proposed algorithm has an accuracy of 0.99 and the f1-score is 0.85. Our system can detect changes in the code structure and behavior of the malware, even if the malware’s binary code has been obfuscated into a new variant. We demonstrate the effectiveness using a benchmark dataset of metamorphic malware.
    Keywords: metamorphic malware; gradient boosting; random forest; api calls.
    DOI: 10.1504/IJICS.2024.10067450
     
  • A Survey: On Detection and Prevention Techniques of SQL Injection Attacks   Order a copy of this article
    by Anwesha Kashyap, ANGSHUMAN JANA 
    Abstract: We are constantly exposed to the extensive usage of online applications in our daily lives. The web application’s backend uses database technology that stores and processes sensitive data. One of the primary concerns of a web application in terms of data security is to safeguard sensitive data in the database. SQL Injection Attacks are one of the most serious security concerns of web applications (SQLIA). Akamai report suggests that SQLIAs accounted for more than 72 percent of all web application security attacks in the last 5 years. Therefore, SQLIA is one of the most severe attacks used against database-driven web applications, which compromises data privacy. It is a code injection type attack where an attacker injects malicious SQL queries to get unauthorized access to the database. Several research proposals have been published to address these security threats. In this paper, we first provide the current state-of- the-art on SQLIA and
    Keywords: Data Security; Database Program; SQL Injection Attacks.
    DOI: 10.1504/IJICS.2024.10067451
     
  • Blockchain Based Dynamic Social Spider Optimization (BC-DSSO) Network Optimization for Supply Chain in IoT   Order a copy of this article
    by Anitha Rajendran, Dinesh Rai 
    Abstract: Supply chain management (SCM) in large-scale industries is evolving into a complex value network that offers competitive advantages. BC, with its distributed public ledger, is an excellent tool for enhancing SCM quality. However, network optimisation during data transmission and routing in blockchain technology remains a significant and challenging issue. Additionally, there are technical challenges related to source verification and security within SCM. This paper introduces BC-DSSO for optimising IoT nodes. It highlights the main characteristics of BC technology, such as smart contracts, decentralisation, security, and transparency. The DSSO algorithm is inspired by the foraging strategy of social spiders, which use web vibrations to locate prey and choose the best routes. DSSO improves the efficiency and speed of communication between nodes in a network. Blockchain enhances supply chain visibility and transparency, increasing trust in the model. IoT technology is utilised to track and monitor the activity of products within supply chains. BC-DSSO involves four key steps: hash function, encoding, TM, and routing. During the TM step, node behaviour is supervised by a GRU classifier. The results are measured using metrics such as PDR, PLR, throughput, and correct blocks.
    Keywords: internet of things; IoT; supply chain management; SCM; gated recurrent unit; GRU; network optimisation; blockchain-dynamic social spider optimisation.
    DOI: 10.1504/IJICS.2024.10067452
     
  • HP-CP-ABE scheme against collusion attacks under an attribute-key security model   Order a copy of this article
    by Keshuo Sun, Haiying Gao, Chao Ma, Bin Hu, Xiufeng Zhao 
    Abstract: Attribute-based encryption (ABE) is crucial for ciphertext access control in cloud settings. In this paper, we evaluate the resilience of classical ABE schemes to specific attacks, ensuring only robust schemes are employed and informing the design of secure ABE schemes. We demonstrate an attributekey attack on two ciphertext-policy ABE (CP-ABE) schemes using illegitimate private keys. To quantify the security of private keys against collusion, we propose a novel attribute-key security model. At last, we present a hidden-policy CP-ABE (HP-CP-ABE) scheme, proving its selective security and resistance to collusion attacks.
    Keywords: Attribute-based Encryption; Collusion Attack; Attribute-key Attack; Selective Security.
    DOI: 10.1504/IJICS.2024.10067453
     
  • Detection of malware in ground control stations of unmanned aerial vehicles based on image processing   Order a copy of this article
    by Orkhan Valikhanli 
    Abstract: Recently, unmanned aerial vehicles (UAVs) have become very popular due to their wide range of applications. UAVs are quite popular because they are more affordable and simpler to use compared to other vehicular systems. However, as with other cyber physical systems UAVs and their ground control stations (GCSs) may also be targeted by attackers. In this work, grey-scale images are analysed to detect malwares in GCSs. The proposed hybrid model is based on ResNet-50 and support vector machine (SVM). ResNet-50 is used to extract necessary features from images. Subsequently, SVM is used to classify malware based on extracted features. Moreover, other hybrid models are also tested in this work to compare final results. As a result, proposed model achieved 98.62% accuracy.
    Keywords: unmanned aerial vehicle; UAV; ground control station; GCS; image processing; cyberattack; malware.
    DOI: 10.1504/IJICS.2024.10067454
     
  • The Role of User Awareness in The Information Technology and Security Governance Nexus   Order a copy of this article
    by Emmanuel Adu-Mensah, Solomon Odei-Appiah, Joseph Adjei, Enoch E. Ayivor 
    Abstract: This study proposes a model to explain the interplay among Information Security Governance, Information Technology Governance, and Information Security Awareness, with guidance from the Information Security Governance Theoretical Lens. Employing a questionnaire survey with a sample size of 300 and Structural Equation Modeling, the study revealed several key relationships: Business/IT Strategic Alignment positively correlates with Information Technology Governance, underscoring the importance of aligning IT strategies with broader organizational goals. Weak but consistent positive relationship is identified between Value Delivery and Information Technology Governance, emphasizing the link between extracting value from IT investments and effective governance. Contrary to expectations, Risk Management and Information Security Governance exhibit an inverse relationship. Information Security Awareness shows a significant but inverse relationship with Information Security Governance. Both Resource Management and Information Technology Governance, as well as Performance Measurement and Information Technology Governance, demonstrate no significant relationships, suggesting that adept resource management and performance monitoring alone may not ensure enhanced governance.
    Keywords: Information Technology Governance; Information Security Governance; Information Security Awareness.
    DOI: 10.1504/IJICS.2024.10068110
     
  • NAIBI: A Neighbor-vehicle Approach for Anomaly Detection of Basic Safety Message Falsification in Internet of Vehicles Using Machine Learning   Order a copy of this article
    by Hussaini Aliyu Idris, Kazunori Ueda, Bassem Mokhtar, Samir A. Elsagheer Mohamed 
    Abstract: The alarming rate of fatality and injuries recorded through road accidents call for the deployment of intelligent transportation system (ITS). The internet of vehicles (IoV), being the backbone of ITS, provides vehicles with standards and protocols to disseminate Basic Safety Messages (BSM) containing kinematic information to other vehicles and infrastructures, making the IoV a complex network and therefore susceptible to cyberattacks. Despite employing public-key infrastructure (PKI) to ensure BSMs are digitally signed and authenticated, insider attackers can still falsify BSMs and cause chaos in the network. The research community has contributed by proposing data-centric approaches however, the over-reliance on one vehicle BSM data for training and inference gives the attacker an upper hand . To address these drawbacks, we proposed a machine learning-based neighbor-vehicle approach for anomaly detection of BSM falsification in IoV (NAIBI) and demonstrate its superiority over the state-of-the-art which exceeds 99% in Accuracy, Precision, Recall and F1-Score.
    Keywords: Machine learning; Intelligent Transportation System; Misbehavior detection system (MDS); internet of vehicle (IoV); BSM falsification attack.
    DOI: 10.1504/IJICS.2024.10068111
     
  • A secure and anonymous authentication and key agreement protocol based on ECC for edge computing environment   Order a copy of this article
    by Upendra Verma, Kapil Kumar Nagawanshi 
    Abstract: Edge computing provides various services closer to the smart devices. However, devices have limited computational resources; hence, security procedure should be anonymous and lightweight for edge computing environment. Therefore, the proposed work designs a secure and anonymous authentication and key agreement scheme based on elliptic curve cryptography (ECC). The informal security assessment indicates the proposed scheme resilience to various cryptographic attacks. The performance of proposed scheme is improved in terms of computation, storage and communication overhead. The correctness and robustness of the proposed scheme are confirmed by formal security analysis employing Burrows-Abadi-Needham (BAN) predicate logic. The research also demonstrates a comparative analysis of proposed scheme to the related schemes in terms of various security features. Finally, the proposed scheme undergoes formal security verification through the Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation tool to validate correctness and security. Simulation results confirm our approach's resilience to cryptographic attacks.
    Keywords: Security and Privacy; ECC; Hash function; Edge computing; BAN predicate logic; AVISPA.
    DOI: 10.1504/IJICS.2024.10068112
     
  • Mean Black Widow-Based Optimization (MBWO) Feature Selection and Enhanced Kernel-Based SVM Classifier for Cyberbullying Twitter Data   Order a copy of this article
    by Menaka M, Sujatha P 
    Abstract: People are using online social networks (OSNs) to interact with others worldwide and discuss their preferences, which can lead to cyberbullying. A cyberbully sends threatening or damaging messages online. Social media cyberbullying must be found and stopped. For this, AI computations including pre-processing, highlight extraction, and grouping were built. Pre-processing Twitter data with tokenisation and stemming removes noise. Highlight extraction uses common data and SAE. Several AI classifiers detect cyberbullying. Due to the complexity of cyberbullying, identifying the best selection of features is difficult, affecting detection system scalability. Thus, this study selects and optimises parameters to improve cyberbullying categorisation. Twitter data is collected and pre-processed to remove stop words and other unwanted words. TF-IDF and SAE are used to extract features from pre-processed data. MBWO then selects the component subset that best reduces information dimensionality. To determine cyber bullying events, an enhanced bit support vector machine (EK-SVM) classifier uses these
    Keywords: Online Social Networks (OSN); Mean Black Widow-based Optimization (MBWO); and Enhanced Kernel Support Vector Machine (EK-SVM); Stacked Auto-Encoder (SAE); Term Frequency-Inverse Document Frequency.
    DOI: 10.1504/IJICS.2024.10068113
     

 

Return to top