Security in Computing and Communications: 7th International Symposium, SSCC 2019, Trivandrum, India, December 18–21, 2019, Revised Selected Papers ... in Computer and Information Science, 1208)

Preface
Organization
Contents
Malware Detection in Android Applications Using Integrated Static Features
	1 Introduction
	2 Related Works
	3 Proposed Approach
		3.1 Disassembling
		3.2 Feature Extraction
		3.3 Feature Selection
		3.4 Classification
	4 Experimental Setup and Evaluation
	5 Conclusion and Future Work
	References
Intrusion Prediction and Detection with Deep Sequence Modeling
	1 Introduction
	2 Related Work
		2.1 Deep Learning
		2.2 Intrusion Prediction and Detection Systems
	3 System-Call Modelling
		3.1 Approach Outline
		3.2 Prediction Model
	4 System Evaluation
		4.1 Datasets
		4.2 Learning Process
		4.3 Result Analysis
		4.4 Conclusion
	References
Secure Authentication Using One Time Contextual QR Code
	1 Introduction
		1.1 Use of Quick Response (QR) Code for Securing Applications
	2 Related Works
		2.1 Lamport and S/Key One-Time Password System
		2.2 Scheme of Bicakci and Baykal
		2.3 RSA SecurID Authenticator
		2.4 Scheme of Eldefrawy et al.
	3 Proposed Solution
		3.1 Registration Phase
		3.2 Device Setup
		3.3 Authentication Phase
		3.4 Authentication Server—Verify OTP
	4 Security Analysis, Applicability and Discussion
		4.1 Security Analysis
		4.2 Applicability
		4.3 Discussion
	5 Usability Study
	6 Conclusion and Future Work
	References
A Proximity-Based Measure for Quantifying the Risk of Vulnerabilities*-6pt
	1 Introduction
	2 Network Specific Risk Conditions
		2.1 Attack Path Resistance
		2.2 Vulnerability (or Exploit) Diversity Along the Attack Path
		2.3 Risk of the Neighboring Vulnerabilities
		2.4 The Conjunctive (AND) and Disjunctive (OR) Dependency Between Predecessors
	3 Measuring Security Risk of Vulnerabilities
		3.1 Diversity-Adjusted Vulnerability Score (DVS)
		3.2 Neighborhood Proximity-Adjusted Vulnerability Score (NPVS)
		3.3 Relative Cumulative Risk
		3.4 Computational Complexity
	4 Experimental Setup and Results
	5 Conclusion
	References
Man-in-the-browser Attack: A Case Study on Malicious Browser Extensions
	1 Introduction
	2 The Attack
	3 Implementation
	4 Experiment
	5 Discussion and Countermeasures
	6 Conclusion
	References
Detection and Analysis of Drive-by Downloads and Malicious Websites
	1 Introduction
	2 Related Work
		2.1 Using Web Crawler to Detect Drive by Downloads
		2.2 Antivirus Software to Detect Drive-by Downloads Malware
		2.3 BrowserGuard as a Behavior-Based Solution
		2.4 A Framework for DBD Attacks with Users Voluntary Monitoring of the Web
		2.5 HTML and JavaScript Feature for Detecting the Drive-by Download
		2.6 Approach to Detect Drive-by Download Based on Characters
		2.7 Enhanced Approach for Malware Downloading
		2.8 Analyze Redirection Code for Mining URLs
		2.9 Visualize the Flow of HTTP Traffic
		2.10 Drive-by Download as a Large Scale Web Attacks
	3 Methodology
		3.1 Dataset
		3.2 Feature Selection
		3.3 Classification
	4 Results
		4.1 Metrics
		4.2 Naive Bayes
		4.3 JRIP
		4.4 J48
	5 Conclusions
	References
Intrusion Detection Systems for Smart Home IoT Devices: Experimental Comparison Study
	1 Introduction
	2 Related Work
	3 Intrusion Detection Systems Snort, Suricata and Bro
	4 Experimental Methodology
		4.1 Experimental Setup
		4.2 Experiments Results
	5 Conclusion
	References
A Resilient Hierarchical Checkpointing Algorithm for Distributed Systems Running on Cluster Federation
	1 Introduction
	2 System Model
	3 Related Work
	4 Proposed Algorithm
		4.1 Basic Idea
		4.2 Checkpointing Implementation
		4.3 Data Structure and Pseudo Code
		4.4 Recovery Implementation
	5 Comparison of the Performances of Various Algorithms
	6 Simulation Results
	7 Conclusions and Future Research Direction
	References
Towards Evaluating the Robustness of Deep Intrusion Detection Models in Adversarial Environment
	1 Introduction
	2 Related Work
	3 Background
		3.1 Adversarial Attacks
		3.2 Intrusion Detection System (IDS)
		3.3 Deep Learning (DL) Models
	4 Description of Dataset
	5 Statistical Measures
	6 Experimental Results
	7 Conclusion
	References
Privacy Preserving Profile Matching in Mobile Social Networks: A Comprehensive Survey
	1 Introduction
	2 Profile Matching in Mobile Social Network
	3 Privacy and Security Issues in Mobile Social Networks
	4 Taxonomies of Privacy Preservation Profile Matching
	5 Related Work
		5.1 Coarse-Grained and Centralized Approach
		5.2 Coarse-Grained and Distributed Approach
		5.3 Coarse-Grained and Hybrid Approach
		5.4 Fine-Grained and Distributed Approach
	6 Critical Analysis and Future Directions
	7 Conclusion
	References
Deep Learning Approach for Enhanced Cyber Threat Indicators in Twitter Stream
	1 Introduction
	2 Literature Survey
	3 Background
		3.1 Text Representation
		3.2 Deep Learning
	4 Description of the Data Set
	5 Proposed Architecture
	6 Experiments, Results and Observations
	7 Conclusion and Future Work
	References
Improving Sentiment Analysis of Arabic Tweets
	1 Introduction
	2 Related Work
	3 Corpus Collection
	4 Lexicon Generation
	5 Experimental Analysis
	6 Discussion
	7 Conclusion
	References
Energy Awareness and Secure Communication Protocols: The Era of Green Cybersecurity
	1 Introduction
	2 Related Works
	3 Energy-Efficient Security Protocols
	4 A Parametric Assessment Model: Evaluate Energy Consumption of Cryptography Process in Secure Communications
		4.1 Encryption Energy Consumption
		4.2 Modelling Encryption Energy
	5 ``Benchmarking\'\' Energy Consumption of a TLS Secure Communication
		5.1 TLS Cryptography Overhead
		5.2 TLS Key Exchange CPU Usage Evaluation
		5.3 TLS Symmetric Encryption CPU Usage Evaluation
	6 TLS Communication Energy Consumption Evaluation
	7 ``NoCrypto Client TLS Communication\'\': A TLS Energy Oriented Attack
		7.1 Attack Evaluation
	8 Conclusions
	References
Towards a Privacy Web Scanner for End-Users
	1 Introduction
	2 Related Work
		2.1 Tracking Mechanisms
		2.2 Websites Showing Privacy Risks
	3 PrivacyWebScanner: A Web Scanner for Privacy Risks Identification
		3.1 Goals and Requirements for PWS
		3.2 PrivacyWebScanner Architecture
		3.3 PWS Output
	4 Implementation Issues
		4.1 PrivacyScanner
		4.2 Checker
		4.3 CookieChecker
		4.4 ImageChecker
		4.5 IframeChecker
		4.6 JsChecker
	5 Use Cases
	6 Limitations
	7 Conclusions and Future Work
	References
Security of Quantum Cryptography
	1 Introduction
	2 Scientific Security
		2.1 Composable Security
		2.2 Conjugate Coding
		2.3 Bell\'s Inequality
		2.4 Entanglement Distillation
		2.5 Uncertainty Principle
		2.6 GLLP
	3 Categories of Protocols
		3.1 General Eavesdropping Attack
	4 Theory-Experiment Gap
		4.1 Source Imperfection
		4.2 Detection Imperfection
	5 Conclusion
	References
The Impact of a Security Model in a Fog Computing Environment
	1 Introduction
	2 Related Work
	3 Fog Computing Environment Overview
	4 Proposed Security Model
		4.1 Network Join Authentication
		4.2 Data Transmission
		4.3 Data Storage
	5 Experiments and Results
		5.1 Network Usage
		5.2 Average Latency
		5.3 Average Energy Consumption
	6 Conclusion and Future Work
	References
Gotcha-I: A Multiview Human Videos Dataset
	1 Introduction
		1.1 Related Work
		1.2 Security Purpose Applications
	2 Gotcha-I
		2.1 Content of the Dataset
		2.2 Additional Metadata
	3 Conclusion
	References
Enhancing Enterprise IT Security with a Visualization-Based Process Framework
	1 Motivation
	2 State of the Art
	3 Process
		3.1 The Initiation
		3.2 The Question Phase
		3.3 The Data Management Phase
		3.4 The Visualization Phase
		3.5 The Interaction Phase
		3.6 The Iterations
	4 Implementation Guideline
	5 Proof of Concept Vulnerability Management
		5.1 The Initiation
		5.2 The Question Phase
		5.3 The Data Management Phase
		5.4 The Visualization Phase
		5.5 The Interaction Phase
		5.6 Iterations
	6 Conclusion and Future Research
	References
Pipelined Implementation of Millar-Rabin Primality Tester Using Altera FPGA Kit
	1 Introduction
	2 Implementation Environment
	3 Performance Evaluation
	4 Conclusions and Remarks
	References
Realization of Re-configurable True Random Number Generator on FPGA
	1 Introduction
	2 Related Works
	3 Methodology
	4 Simulation Results and Analysis
	5 Conclusion and Discussion
	References
Secret Image Sharing Scheme for Gray-Level Images Using Toeplitz Matrix Based Stream Cipher
	1 Introduction
	2 Preliminaries
		2.1 Nonlinear Update Function
		2.2 Toeplitz Matrix
	3 Toeplitz One-Way Function Based Dynamic KeyStream
	4 Proposed Image Sharing Scheme
		4.1 Proposed Dividing Stage
		4.2 Proposed Restoration Stage
	5 Experimental Results and Analyses
		5.1 Histogram of the Plaintext and Ciphered Images
		5.2 Entropy Analysis
		5.3 Correlation Analysis
		5.4 Pixel Similarity Analysis
		5.5 Randomness Tests
	6 Conclusion
	References
On the Hardware Implementation Performance, of Face Recognition Techniques, for Digital Forensics
	1 Introduction
	2 Fundamental Algorithms in Face Recognition
		2.1 Principal Component Analysis (PCA)
		2.2 Alternative PCA Methods
		2.3 Local Binary Pattern Method
	3 Architectures and FPGA Devices
		3.1 Multi-pipeline Architecture
		3.2 5-Unit Architecture
		3.3 3-Unit Architecture
	4 Commonly Used Face Databases
		4.1 ORL Face Database
		4.2 Yale Face Database
		4.3 AR Face Database
		4.4 Outlook
	5 Implementation Synthesis Results
		5.1 Multi-pipeline Architecture with PCA and Modified PCA Algorithms
		5.2 5-Unit Architecture with PCA Algorithm
		5.3 3-Unit Architecture with LBP Algorithm
	6 Comparisons: Advantages and Trade Offs
	7 Conclusions
	References
Detecting the Zeus Banking Malware Using the Random Forest Binary Classification Algorithm and a Manual Feature Selection Process
	1 Introduction
		1.1 The Growth of Malware and Paper Contribution
		1.2 Introduction to the Zeus Banking Malware
	2 Related Work
		2.1 Detecting Malware Infections Through IDS Driven Dialog Correlation
		2.2 Detecting Bots Using the C4.5 and CFS Feature Selection Algorithm
		2.3 Detection of Randomized Bot Command and Control Traffic on an End-Point Host
	3 Research and Methodology
		3.1 Introduction
		3.2 Research Methodology
		3.3 Data Collection and Preparation
		3.4 Feature Selection and Training Using the RF Algorithm
		3.5 Training the Dataset Using the Random Forest Algorithm
		3.6 Evaluation of the Random Forest Machine Learning Algorithm (Testing)
		3.7 Conclusion
		3.8 Further Work
	References
Exploitation of HTTP/2 Proxies for Cryptojacking
	1 Introduction
	2 Background
		2.1 HTTP/2 Protocol Overview
		2.2 Proxy
		2.3 Cryptojacking
		2.4 Coinhive
	3 Experimental Setup
		3.1 HTTP/2 Server Setup
		3.2 Anonymous Open Proxy
		3.3 Client Machine
	4 Attack Methodology
	5 Results
		5.1 Client Impact
		5.2 Analysis
		5.3 Modifications
	6 Conclusion
	References
Android Malware Detector Based on Sequences of System Calls and Bidirectional Recurrent Networks
	1 Introduction
	2 Related Work
	3 Methodology
	4 Experiments
	5 Conclusions
	References
Efficient Ciphertext Policy Attribute Based Encryption (ECP-ABE) for Data Deduplication in Cloud Storage
	1 Introduction
		1.1 Related Works
		1.2 Contributions
	2 Preliminaries
		2.1 Bilinear Pairing
		2.2 Access Structure
		2.3 Access Tree
	3 ECP-ABE Scheme System Outline
		3.1 System Architecture
		3.2 Design Goals
		3.3 Security Threats
		3.4 Security Model
	4 Detailed Construction
		4.1 System Setup
		4.2 Group Setup
		4.3 CertGen
		4.4 KeyGen
		4.5 TagGen
		4.6 DuplicateCheck
		4.7 Data Encryption
		4.8 Data Decryption
	5 Security Analysis
	6 Performance Analysis
		6.1 Experimental Analysis
	7 Conclusion
	References
Controlling Uncertainty with Proactive Cyber Defense: A Clausewitzian Perspective
	1 Introduction
	2 Background
		2.1 The Main Ideas of the Clausewitzian Framework
		2.2 Can Clausewitzian Principles Be Applied to Cyberspace?
	3 A Clausewitzian Perspective to Cyberdefense
		3.1 Is Defense Weaker Than Offense in Cyberspace?
		3.2 Taking Control of Uncertainty and Friction
	4 Discussion
	5 Conclusion
	References
Protecting Computer Systems from Cyber Attacks with Internal Interface Diversification
	1 Introduction
	2 Interface Diversification
		2.1 The General Idea
		2.2 Interfaces Suitable for Diversification
	3 A Case Study of Defending Against Three Cyber Attacks with Diversification
		3.1 The Mirai Malware and OS Library Diversification
		3.2 ShellShock and Command Language Diversification
		3.3 The ``Advanced Power\'\' Botnet and Diversifying the SQL Language
	4 Discussion
	5 Conclusion
	References
Braille Based Steganography System Using Dynamic Key Exchange
	1 Introduction
	2 Related Works
	3 Proposed System
	4 Experimental Results
		4.1 Visual Attack - Histogram
		4.2 Statistical Attack - Chi-Square Analysis
	5 Conclusion
	References
Author Index