Security and Communication Networks

The practical employment of network coding (NC) has shown major improvements when it comes to the transmission reliability of sender data and bandwidth utilization. Moreover, network coding has been employed recently to secure the transmission of data and prevent unauthorized recovery of sender packets. In this paper, we employ network coding (NC) in a practical way in networks with constrained resources with the goal of improving the reliability and security of data transfer. More specifically, we apply NC on the recent options of block-wise transfer (BWT) of the constrained application protocol (CoAP). The goal is to enhance the reliability of CoAP when used to transfer larger data blocks using BWT. Also, we employ an innovative homomorphic encryption approach to secure the BWT of CoAP.

Frequency-hiding order-preserving encryption (FH-OPE) has emerged as an important tool in data security, particularly in cloud computing, because of its unique ability to preserve the order of plaintexts in their corresponding ciphertexts and enable efficient range queries on encrypted data. Despite its strong security model, indistinguishability under frequency analyzing ordered chosen plaintext attack (IND-FA-OCPA), our research identifies a vulnerability in its design, particularly the impact of range queries. In our research, we quantify the frequency of data exposure resulting from these range queries and present potential inference attacks on the FH-OPE scheme. Our findings are substantiated through experiments on real-world datasets, with the goal of measuring the frequency of data exposure resulting from range queries on FH-OPE encrypted databases. These results quantify the level of risk in practical applications of FH-OPE and reveal the potential for additional inference attacks and the urgency of addressing these threats. Consequently, our research highlights the need for a more comprehensive security model that considers the potential risks associated with range queries and underscores the importance of developing new range-query methods that prevent exposing these vulnerabilities.

The growth of the Internet of Things (IoT) has recently impacted our daily lives in many ways. As a result, a massive volume of data are generated and need to be processed in a short period of time. Therefore, a combination of computing models such as cloud computing is necessary. The main disadvantage of the cloud platform is its high latency due to the centralized mainframe. Fortunately, a distributed paradigm known as fog computing has emerged to overcome this problem, offering cloud services with low latency and high-access bandwidth to support many IoT application scenarios. However, attacks against fog servers can take many forms, such as distributed denial of service (DDoS) attacks that severely affect the reliability and availability of fog services. To address these challenges, we propose mitigation of fog computing-based SYN Flood DDoS attacks using an adaptive neuro-fuzzy inference system (ANFIS) and software defined networking (SDN) assistance (FASA). The simulation results show that the FASA system outperforms other algorithms in terms of accuracy, precision, recall, and F1-score. This shows how crucial our system is for detecting and mitigating TCP-SYN floods and DDoS attacks.

Objective. Wireless sensor networks, crucial for various applications, face growing security challenges due to the escalating complexity and diversity of attack behaviours. This paper presents an advanced intrusion detection algorithm, leveraging feature-weighted Naive Bayes (NB), to enhance network attack detection accuracy. Methodology. Initially, a feature weighting algorithm is introduced to assign context-based weights to different feature terms. Subsequently, the NB algorithm is enhanced by incorporating Jensen–Shannon (JS) divergence, feature weighting, and inverse category frequency (ICF). Eventually, the improved NB algorithm is integrated into the intrusion detection model, and network event classification results are derived through a series of data processing steps applied to corresponding network traffic data. Results. The effectiveness of the proposed intrusion detection algorithm is evaluated through a comprehensive comparative analysis using the NSL-KDD dataset. Results demonstrate a significant enhancement in the detection accuracy of various attack types, including normal, denial of service (DoS), probe, remote-to-local (R2L), and user-to-root (U2R). Moreover, the proposed algorithm exhibits a lower false alarm rate compared to other algorithms. Conclusion. This paper introduces a wireless network intrusion algorithm that not only ensures improved detection accuracy and rate but also reduces the incidence of false detections. Addressing the evolving threat landscape faced by wireless sensor networks, this contribution represents a valuable advancement in intrusion detection technology.

Linkable ring signatures (LRSs) are ring signatures with the extended property that a verifier can detect whether two messages were signed by the same ring member. LRSs play an important role in many application scenarios such as cryptocurrency and confidential transactions. The first code-based LRS scheme was put forward in 2018. However, this scheme was pointed out to be insecure. In this paper, we put forward a code-based LRS scheme by constructing a new Stern-like interactive protocol and prove that it meets the security requirements of LRSs. We also give the specific parameters and the performance on the platform of our scheme.

The explosive growth of web-based technology has led to an increase in sophisticated and complex attacks that target web applications. To protect against this growing threat, a reliable web attack detection methodology is essential. This research aims to provide a method that can detect web attacks accurately. A character-level multichannel multilayer dilated convolutional neural network (MC-MLDCNN) is proposed to identify web attacks accurately. The model receives the full text of HTTP requests as inputs. Character-level embedding is applied to embed HTTP requests to the model. Therefore, feature extraction is carried out automatically by the model, and no additional effort is required. This approach significantly simplifies the preprocessing phase. The methodology consists of multichannel dilated convolutional neural network blocks with various kernel sizes. Each channel involves several layers with exponentially increasing dilation sizes. Through the integration of multichannel and multilayer dilated convolutional neural networks, the model can efficiently capture the temporal relation and dependence of character granularity of HTTP requests at different scales and levels. As a result, the structure enables the model to easily capture dependencies over extended and long sequences of HTTP requests and consequently identify attacks accurately. The outcomes of the experiments carried out on the CSIC 2010 dataset show that the proposed model outperforms several state-of-the-art deep learning-based models in the literature and some traditional deep learning models by identifying web attacks with a precision score of 99.65%, a recall score of 98.80%, an score of 99.22%, and an accuracy score of 99.36%. A useful web attack detection system must be able to balance accurate attack identification with minimizing false positives (identifying normal requests as attacks). The success of the model in recognizing normal requests is further evaluated to guarantee increased security without sacrificing web applications’ usability and availability.