International Journal of Information Security
Volume:4 Issue: 2, Jul 2012

So far, various components of image characteristics have been used for steganal- ysis, including the histogram characteristic function, adjacent colors distribu- tion, and sample pair analysis. However, some certain steganography methods have been proposed that can thwart some analysis approaches through man- aging the embedding patterns. In this regard, the present paper is intended to introduce a new analytical method for detecting stego images, which is robust against some of the embedding patterns designed specically to foil steganalysis attempts. The proposed approach is based on the analysis of the eigenvalues of the cover correlation matrix used for the purpose of the study. Image cloud par- titioning, vertical correlation function computation, constellation of the corre- lated data, and eigenvalues examination are the major challenging stages of this analysis method. The proposed method uses the LSB plane of images in spatial domain, extendable to transform domain, to detect low embedding rates-a ma- jor concern in the area of the LSB steganography. The simulation results based on deviation detection and rate estimation methods indicated that the proposed approach outperforms some well-known LSB steganalysis methods, specically at low embedding rates.

The A5/1 algorithm is one of the most famous stream cipher algorithms used for over-the-air communication privacy in GSM. The purpose of this paper is to analyze several weaknesses of A5/1, including an improvement to an attack and investigation of the A5/1 state transition. Biham and Dunkelman proposed an attack on A5/1 with a time and data complexity of 239:91and 221:1, respectively.In this paper, we propose a method for identification and elimination of useless states from the pre computed tables and a new approach to access the table in the online phase of the attack which reduces the time complexity to 237:89 and the required memory in half. Furthermore, we discuss another weakness of A5/1 by investigating its internal state transition and its keystream sequence period. Consequently, the internal states are divided into two classes, initially periodic and ultimately periodic. The presented model is verified using a variety of simulations which are consistent with the theoretical results.

This study presents a new method based on the combination of cryptography and information hiding methods. Firstly, the image is encoded by the Double Random Phase Encoding (DRPE) technique. The real and imaginary parts of the encoded image are subsequently embedded into an enlarged normalized host image. DRPE demands two random phase mask keys to decode the decrypted image at the destination. The two random phase masks are regenerated by the chaos theory using a fractal image. To enhance its security, instead of sending the second phase mask directly, the initial conditions and the parameter of the chaotic map and the fractal image are transferred to the authorized user through a secure channel. Experimental results reveal that the proposed method not only enjoys high security but also resists the commonplace attacks.

Alert correlation systems attempt to discover the relations among alerts produced by one or more intrusion detection systems to determine the attack scenarios and their main motivations. In this paper a new IDS alert correlation method is proposed that can be used to detect attack scenarios in real-time. The proposed method is based on a causal approach due to the strength of causal methods in practice. To provide a picture of the current intrusive activity on the network, we need a real-time alert correlation. Most causal methods can be deployed offline but not in real-time due to time and memory limitations. In the proposed method, the knowledge base of the attack patterns is represented in a graph model called the Causal Relations Graph. In the offline mode, we construct Queue trees related to alerts'' probable correlations. In the real-time mode, for each received alert, we can find its correlations with previously received alerts by performing a search only in the corresponding tree. Therefore, the processing time of each alert decreases significantly. In addition, the proposed method is immune to deliberately slowed attacks. To verify the proposed method, it was implemented and tested using DARPA2000 dataset. Experimental results show the correctness of the proposed alert correlation and its efficiency with respect to the running time.

The products of graphic design applications, leave behind traces of digital information which can be used during a digital forensic investigation in cases where counterfeit documents have been created. This paper analyzes the digital forensics involved in the creation of counterfeit documents. This is achieved by first recognizing the digital forensic artifacts left behind from the use of graphic design applications, and then analyzing the files associated with these applications. When analyzing digital forensic artifacts generated by an application, the specific focus is on determining whether the graphic design application was installed, whether the application was used, and determining whether an association can be made between the application’s actions and such a digital crime. This is accomplished by locating such information from the registry, log files and prefetch files. The file analysis involves analyzing files associated with these applications for file signatures and metadata. In the end it becomes possible to determine if a system has been used for creating counterfeit documents or not.

It is a common and useful task in a web of trust to evaluate the trust value between two nodes using intermediate nodes. This technique is widely used when the source node has no experience of direct interaction with the target node, or the direct trust is not reliable enough by itself. If trust is used to support decision-making, it is important to have not only an accurate estimate of trust, but also a measure of confidence in the intermediate nodes as well as the final estimated value of trust. The present paper thus aims to introduce a novel framework for integrated representation of trust and confidence using intervals, which provides two operations of trust interval multiplication and summation. The former is used for computing propagated trust and confidence, whereas the latter provides a formula for aggregating different trust opinions. The properties of the two operations are investigated in details. This study also proposes a time-variant method that considers freshness, expertise level and two similarity measures in confidence estimation. The results indicate that this method is more accurate compared to the existing ones. In this regard, the results of experiments carried out on two well-known trust datasets are reported and analyzed, showing that the proposed method increases the accuracy of trust inference in comparison with the existing methods.