مجله علوم و فناوری های پدافند نوین
سال پنجم شماره 2 (پیاپی 16، تابستان 1393)

In this paper، we designed and analysed a new word-oriented stream cipher algorithm with a key length of 256 bit. The proposed algorithm is highly resistant against known attacks. The main principles of the algorithm are based on improved word-oriented shift registers in clock control mode with cyclic period greater than. With the improvement of certain nonlinear kernel of some algorithms، such as SNOW2 and using it as a nonlinear part of encryption، resulted algorithm is much more resistant than similar samples against distinguish and algebraic attacks. According to security analysis، complexity of distinguish attack is and complexity of algebraic attacks is.

Nowadays، in spite of the presence of defense mechanisms and verification methods، parts of the security vulnerabilities still remain in systems. Therefore، protecting systems against all malicious behaviors and security attacks is nearly impossible. If the required countermeasures are not employed against the impacts of malwares، they may lead to intrusion and the violation of system security policies. On the other hand، intrusion-tolerant systems are used to increase the security of systems and software. Considering the concept of trust among the entities can play an important role to increase the security in distributed environments such as Internet. However، like other security mechanisms، trust is vulnerable to malicious attacks. Therefore، devising methods against malicious behaviors are very important. In this paper، a trust­-based approach for tolerating software against intrusion with emphasis to the relativity of trust concept is presented. So that، the precision of trust values for users in the whole system is increased، such that these values are closed to real values. The goal of the proposed approach is to diminish the challenges of absolute trust in order to make systems resilient against malicious behaviors through detecting real and non-real ideas of users and balancing them. The simulation results show that the proposed approach does not allow intruders to increase trust values unfairly and it is resilient against malicious and destructive behaviors. Furthermore، the addition of relativity to trust concept and the detection of malicious users lead to the improvement of the recommended method، comparing to the existing methods.

The passive defense strategies are used to protect the national security in the asymmetric defense conditions. The web application is one of the most widely used tools in the world wide web. Because of its dynamic nature، it is vulnerable to serious security risks. The discovery of cyber attacks can be seen as a method of enhancing national resistance. Anomaly based intrusion detection is an approach that focuses on the new and unknown attacks. A method for anomaly detection in web applications using a combination of one-class classifiers، is proposed. First، in the preprocessing phase، normal HTTP traffic is logged and Features vector is extracted from each HTTP request. The proposed method consists of two steps; In the training phase، the extracted features vectors associated with each request، enter the system and the model of normal requests، using combination of one-class classifiers، is learned. In the detection phase، anomaly detection operation is performed on the features vector of each HTTP request using the learned model of the training phase. S-OWA operator and other combination methods are used to combine the one-class classifiers. The data used for training and test are from CSIC2012 dataset. The detection rate and false alarm rate obtained from experiments، shows better results than other methods.

Availability and continuity of information and key processes that support the core IT services by hardening the computer systems against the attacks as a passive defence principle، has been one of the most important issues facing companies in electeronic passive defences and cyber defence that are generally managed by implementing the relevant security standards. In this research، 36 critical success factors for implementing business continuity management were extracted from the comprehensive study of literature. These indicators were sent to 83 experts، among which 64 were collected and analyzed which after exploratory factorial analysis categorized them in 9 factors and also they were all approved by binomial test. Harmonic mean was used to calculate the weight of factors and components and finally a model including the effective factors and weight of their importance for organizational gap analysis to implement business continuity management system، was proposed. The proposed model was implemented and tested in two IT service provider companies.

Covert timing channels are used to transmit information through computer networks in a seamless or secret way. Inter-packet gap and packet reordering are among techniques of encoding information in covert channels. Several works on evaluating capacity and robustness of covert channels are published in which the channel is evaluated using real environment field tests or by means of computational methods. Real environment field test lacks the repeatability property of the test and computational method is normally too simple to enable one to evaluate the channel under desired circumstances. In this paper، a new model for an end to end communication channel in the Internet is proposed using Petri-Net modeling. The model is able to inject different types of noises such as packet loss، packet reordering، and jitter to a given traffic. The model was used to implement a controlled hybrid covert timing channel under desired noise levels. Then، the capacity and robustness of the covert channel was measured using different noise scenarios. The model proves itself effective for further covert channel evaluation in given circumstances.

In this article new methods for detection and interception of Spywares specifically key loggers، Blockers and screen recorders is proposed. After detecting a malicious behavior، at run time by dynamic behavioral analysis، its corresponding process and executable file are located. All the interaction of the underlying network are logged and analyzed to extract the destination and source of the stolen information which was support to be transferred by the Spyware. After the malicious code is analyzed the process in the main memory is terminated and its executable and image files are removed from the hard disk، in addition could deliver junk information to spyware or diversion destination of it. The proposed method tracks and intercept malicious code through the kernel drivers belonging to the operation system. In this way we could bypass and ignore all the system functions in user mode and all the limitations and constraint imposed by the operating system. In this article the security of the proposed method is also considered and proposes a new method for interception of blockers and construction of secure virtual keyboards. In this way we could achieve the main target of the proposed method to secure the operation system environment of any Spywares. At the end this article evaluate proposed methods based on accuracy of detection and success reaction against Spywares. This Accuracy is 96% and reaction rate is 100%، We compare these results with top famous Anti-Spyware application in the word to prove that our proposed methods is competitive with the best and is better of them in some feathers.