فصلنامه پدافند الکترونیکی و سایبری
سال چهارم شماره 4 (پیاپی 16، زمستان 1395)

Scale-free network (SFN) is a conceptual model for online social networks and peer-to-peer networks, which exhibit a power-law degree distribution. Due to these characteristics, these networks are more vulnerable to the spread of malware (such as virus and worm). Modeling and simulation methods are used to evaluate the propagation behavior of malware in scale-free networks and analyze the defense strategies against malware propagation. To do so, a high number of events should be processed and details of network nodes should be considered. This makes the existing discrete-event simulation methods inappropriate for running on large and complex networks. Hence, for modeling the propagation behavior of malware, fluid models, which need not know the details of network, seems to be more appropriate. In this paper, for fluid simulation of malware propagation, a scale-free network is conceptually represented as a backbone network including supernodes, any one of which includes several nodes of the network. Each supernode in the case of infection can propagate pollution as a fluid flow to its neighboring nodes. Therefore, the main process of malware propagation can be modeled without considering the details of every node. To evaluate the proposed method, an agent-based simulation method has been used. The evaluation results show that large scale-free networks can be modeled and the propagation of malware can be studied using the proposed approach. In addition, the effect of random and targeted immunization of nodes on the proposed models is evaluated as a case study.

Privacy and avoiding being detected by security systems are both two important features of Botnet whose communication structure affects them directly. In this paper, covert communication protocol based on covert timing channel is presented for Botnet and the capabilities of these types of channels are used for enhancing the features. The proposed Protocol is designed with layered and modular structure which is scalable and flexible. In this project, in addition to developing the usage of these channels in Botnet, the interaction of evaluation criteria in two areas is investigated in a real condition. According to the various traffic Circumstances of systems involved in botnet, the Emulator Tool is used for implementing a test Environment in real Circumstances and channel evaluation criteria including capacity, robustness and stealthy are evaluated. The results show that in the best traffic condition, the average time is equival to 48.07 bits per second with robustness factor of 99% and in the worst traffic condition with different types of errors, the capacity is equival to 11.01 per second with robustness of 85% in proposed Protocol. Conditional Entropy method also shows stealthy of communication in the protocol. The results show the appropriate capability of covert timing channel to supply communication infrastructure in botnet.

Botnets have recently been identified as one of the most important and emerging threats to the security with hundreds of millions of computers compromised and infected in cyber space. Botnets are a network of compromised hosts or bots that are under the control of an attacker. They are considered as a primary root-cause for most of the attacks and fraudulent activities on the Internet, such as distributed denial of service (DDoS) attacks, phishing, spamming, information theft, and so on. Some studies show that about between 16 to 25 percent of computers which are connected to the internet all over the world are infected by bots and controlled by attackers. This pape, discusses in detail about Botnet and related research including Botnet evolution, life-cycle, command and control models, communication protocols, Botnet detection methods, Botnet mechanisms and their models, possible attacks performed by various types of Botnet. This paper also discusses the prominent research problems that have remained open and could be continued by researches.

Watermarking systems have different features where the two opposite ones named transparency and robustness are the most important ones. In this paper, two new methods for the watermark embedding have been presented based on color images watermarking in FWHT domain and YPbPr color space. The first method is proposed to embed binary watermark in the host color image where the watermark is embedded in the Pb color component. The second method is proposed to embed color watermarks in the host color image. In this method, the Y, Pb and Pr components of watermark image are embedded respectively in Y, Pb and Pr components of the host image. This method has suitable transparency and robustness. The simulation results show that the PSNR and NCC values have increased about 10.74 dB and 0.05 compared to the methods used in [7-11] and [18].

Flood attacks are among the most devastating distributed denial of service (DDoS) attacks. In these attacks, attackers try to use up resources by sending massive floods of packets in order to seriously challenge the provision of services. Hierarchical architecture and numerous weaknesses in the structure of communication protocols in conventional networks lead to the fact that firewalls cannot provide an integrated and effective mechanism against these attacks. With the emergence of Software Defined networking (SDN), there are new prospects for solving structural and security problems in Traditional networks. In this paper, a heterogeneous method proposed based on cooperation between traditional service provider and software-based controller (SDN) to deal with flooding attacks. In this method, the attack detection module is located in servers and the call module is located in controller(SDN). In order to simulate the heterogeneous method the MiniNet emulator is used in combination with the Pox controller. Next, the simulated model is evaluated and it is finally concluded that besides protecting against attacks in conventional networks, the proposed method provides other benefits including the extent of computational load and the response time compared to other Software Defined methods.

In this paper a new approach for detecting explicit content or pornographic images is proposed. The suggested system contains three phases. In the first phase, the image is segmented into skin region and non-skin region by an ANN in a pixel-wise manner. After image segmentation, a set of discriminative features including the ratio of skin pixels to total image pixels, the number of faces in the image, the area of largest skin area are extracted. Finally, support vector machines are used to classify the image in two normal image and explicit image using the extracted feature vector. A set of 400 images is used to learn and test the system. The detection rate for classifying pixels in skin and non-skin is 91.8 and as the result, the proposed system could obtain 89.9 accuracy in classifying images based on their content. Furthermore, the true positive rate and false positive rate for the proposed system are 92% and 0.125%, respectively.

Free-Space Optical (FSO) Communication has many advantages such as high bandwidth and high security and can also be a good alternative to radio communication systems. The main problem with the use of FSO is the presence of atmospheric phenomena such absorption, scattering and turbulence. This effect causes not only the weakening of the laser light transmission but also causes the multipath phenomena and behavior similar to the fading in the radio communication channels. In this paper, a model is presented to investigate the FSO attenuation and turbulence effect on its performance. Designing of an FSO system using a combination of methods such as Aperture averaging, Multiple Input Single Output (MISO) and Line code 1B4B to reduce the effects of turbulence has been examined and the behavior of system using error probability rate (BER) diagram and the probability of cutting (Outage) in different climatic conditions has also been simulated. Link budget analysis shows that an FSO system with 4 transmitters each with 200mW of optical power and a receiver with at least 25cm optical aperture can communicate data, in the moderate turbulence condition, with a maximum range of 10 km and a BER better than 10-6.

Multi-Tenant software acts out based on auto-scale instance applications due to fluctuating workloads affected by increasing or decreasing the number of tenant demands and requested resource volumes. The aim of auto-scaling is better resource utilization of resource computing as well as provision of good Quality of Service (QoS) to tenants. Auto-scaling approach for meeting its used goal has challenges that consist of predicting workload, identifying correct resource requirement according to workload and selecting the policy of system for resource allocation with the lowest cost. In this research, a runtime auto-scaling mechanism is provided for multi-tenant software in order to answer mentioned challenges. First, due to lack of comprehensive description of a runtime system of multi-tenant software and based on found evidence of various studies, an architecture for runtime system of multi-tenant software is provided and a computing model is introduced that has three various granularity for its module of multi-tenant software. Then by providing an architecture for auto-scaling module of runtime system of multi-tenant software and using sub -modules that have appropriate functionality, mentioned challenges of auto-scaling are answered. To evaluate this, the proposed auto-scaling mechanism is implemented in the cloudism simulation environment and is tested and compared to the recent similar work in the same environmental conditions. The obtained results indicate that the provided auto-scaling mechanism compared to similar work despite the close number of violation of QoS, has better utilization and wastes computing resources less [13/28%-16/19%] with 99% confidence level.