فصلنامه پدافند الکترونیکی و سایبری
سال ششم شماره 3 (پیاپی 23، پاییز 1397)

"In this paper, a new method for vector tracking of GPS satellite signals in weak signal circumstances is presented. Extended Kalman Filter (EKF) is usually used in vector tracking. As divergence is one of the main problems in common Kalman filters, Adaptive Kalman filters are used to avoid divergence. Common adaptive Kalman filter in vector tracking is implemented using a window with limited length, which cannot be greater than a specified amount and so after a short while Kalman filter will become divergent again. Window length is specified empirically and in accordance to statistical characteristics which may lead to an ideal solution for one specific amount, but not the other. Therefore adaptive Strong Tracking Kalman Filter (STKF) is used in this paper. Simulation results show that adaptive STKF has high accuracy in relation to adaptive EKF, and in case of correctly arranged STKF parameters computing complexity of the proposed vector tracking will be less than the traditional method. Results show that in comparison to traditional vector tracking ,methods based on adaptive STKF have significantly reduced errors in measuring carrier frequency, position and of course velocity.

Today, the number of alerts issued by network security systems has increased significantly and network administrators encounter new problems in handling the issued alerts and responding to them. As managing and responding to such a large number of alerts is difficult, alert management and intrusion response system (IRS) are the main part of the security protection systems including intrusion detection systems. The main task of alert management is to reveal the attack details to IRS. Subsequently, the appropriate responses are applied to reduce the attack damage and recover the compromised computer networks back to their normal operational mode. In the literature, researchers have investigated alert management techniques and IRS solutions separately, despite the fact that alert management is one of the basic requirements of response process and its outcome directly affects the IRS performance. Alert management design should provide the necessary information about the attacks to the response system according to its type and requirements. This information along with information from network resources present the current state of the network to IRS. However, if decisions taken by the response system is only based on the current network status, the total cost of the network will increase over the time. Therefore with a futuristic concept and considering the present available information and all possible coming states, decision making process in the response system can be improved. In this paper, using a futuristic approach we seek to propose optimal solutions for confronting already-occurred and future-probable attacks. To achieve this goal, the proposed framework contains two subsystems: attacks and alerts modeling, and response modeling. In the first subsystem, we analyze the IDS alerts to find the similarity and causality relationships. We also present a comprehensive approach for network attack forecasting to obtain some useful predictions about the future states of the network. In the second subsystem, the response analyzer presents a multilevel response model to categorize intrusion responses. It also provides a foresight model to estimate the response cost by considering IDS alerts, network dependencies, attack damage, response impact, and the probability of potential attacks. Finally, models are proposed to make the best decision based on available information about the present and all possible coming states. Simulation results for different scenarios show that the response system, with a prospective vision, steers the network toward desired states with reduced cost of attack and response.

In a Fuzzy Identity-Based Encryption (FIBE) scheme, a user with the private key for an identity ID is able to decrypt a ciphertext encrypted with another identity ID if and only if ID and ID' are within a certain distance of each other as judged by some metric. The existing literature on FIBE assumes that all attributes are equally important. However, this assumption may not be appropriate in some situations. In this paper, we consider the problem of FIBE with attributes of different importance level. In this setting, the set of possible attributes admits a hierarchical structure such that, during decryption process, attributes in lower levels can be replaced by those in higher levels. To solve this case, a new scheme called Hierarchical Fuzzy Identity-Based Encryption (HFIBE) was introduced then it was provided with a formal definition of security and an implementation method. The security of our proposed scheme is in the Selective-ID security model under the Decisional Modified Bilinear Diffe-Hellman assumption.

Using the mathematical and optimization models has significant impact in military strategic decision making problems such as finding location of domestic fire launching site of hard and soft kill. In this paper, an integer linear programming model is developed for location problem of fire launching sites with goal of maximizing the expected value of the target accessibility and protection of strategic realms. Also, two metaheuristic algorithms based on genetic algorithm and particle swarm optimization algorithm have been designed to solve the problem. The computational results of these methods have been compared to exact answers from modeling. It is revealed that with time limit of 60 seconds, the developed genetic algorithm and particle swarm optimization have 0.16% and 0.07% average deviation from optimal solutions, indicating they perform efficiently.

Using the mathematical and optimization models has significant impact in military strategic decision making problems such as finding location of domestic fire launching site of hard and soft kill. In this paper, an integer linear programming model is developed for location problem of fire launching sites with goal of maximizing the expected value of the target accessibility and protection of strategic realms. Also, two metaheuristic algorithms based on genetic algorithm and particle swarm optimization algorithm have been designed to solve the problem. The computational results of these methods have been compared to exact answers from modeling. It is revealed that with time limit of 60 seconds, the developed genetic algorithm and particle swarm optimization have 0.16% and 0.07% average deviation from optimal solutions, indicating they perform efficiently.

The attacks such as spoofing is one of the main sources of error in tracking of Global Positioning System (GPS) receivers. The aim of these attacks is to calculate fake time and position. The spoofer sends the counterfeit signal and causes to spoof. This counterfeit signal is generated in different ways. In this paper, the studied interference is the delay spoof. Indeed, the aim is introducing a new approach in tracking loop of the GPS receiver in order to decrease the generated delay by spoof attack. The suggested algorithm has two main steps. The first step estimates the amount of delay spoof. Subsequently, through an innovative approach, the effect of spoofing signal is extracted and then subtracted from the total measured correlation function. To achieve that, the effect of spoofing signal is estimated and the estimated spoofing signal is generated separately. For this purpose, two estimator based on multi-correlator and adaptive approach is introduced. Correlation of this signal with the digital IF signal is calculated and entered into the spoof mitigation part. In this part, correlation of this signal is added to auto-correlation of received signal and correlation of authentic signal is achieved. These techniques provide easy-to-implement and quality assurance tools for anti-spoofing. Applying the proposed algorithm decreases the average spoofing error by 88%.

Statistical detectablity of a steganalyser declares its ability to distinguish between cover and stego images. Optimum steganographer must be designed to confuse the corresponding steganalysers in detecting stego images. Thus, designing a steganographic algorithm based on reducing statistical detectability is of great importance. Unfortunately establishing a perfect relation between pixel cost and statistical detectability is still an open problem. In this paper, we have modelled steganalyser by special graphical models, called topic models, to estimate the error rate of a steganalyser in terms of the steganographic pixel cost. Morover, we have redefined the steganographic capacity and pixel cost based on such models. It is also shown that the new critera are compatible with classical ones, like PSNR. Then, an algorithm is designed as per such criteria. It is shown empirically that the presented algorithm is comparable to the best analytically designed algorithms presented so far. It is worth mentioning that the paper is focused on establishing a mathematical basis for the relation between the steganalyzer error and pixel cost and not improving the current algorithms. Nonetheless, as compared to the rivals, a small improvement, about 0.5% in steganalysis error, has also been achieved.

This study investigates improving the process of design and interaction analysis of Gama-ray imaging systems. Gama-ray imaging systems have many applications in medical sciences, military and security organizations and for each application area, different parameters have gained attention in the product design process. The complexity of the product design process and variety of design parameters confirm the need for development of a comprehensive map for product design which demonstrates subsystem interactions and the way that each parameters effects other parameters. Hence the Design Structure Matrix (DSM) is used to display and analyze the interaction of design influencing parameters. DSM offers network modeling tools that represent the elements of a system and their interactions, thereby highlighting the system's designed structure. Its advantages include compact format, visual nature, intuitive representation, powerful analytical capacity, and flexibility. In this research we have proposed a DSM which consists of 49 parameters for the mentioned product and then this matrix has been analyzed and clustered by using the related software. As a result, the parameters have been divided into five design cycles after prioritization. The system designer can identify the parameters' effect and trace the systematic design process by using this matrix.

In the multi-use multi-stage secret sharing scheme, the dealer is able to share several secrets among a group of participants, and the secrets are reconstructed stage by stage such that the reconstruction of secrets at earlier stages does not reveal or weaken the secrecy of the remaining secrets. Since the hash functions are quick and easy to calculate, in this paper, we propose a multi-use multi-secret sharing scheme based on a hash function that makes the method very efficient. This scheme is resistant to the cheating of participants. Also, by using the Diffie-Hellman key exchange protocol, the dealer and participants communicate with each other through a public channel. The structure of the proposed scheme is safe against one-known-secret attack.

Joint optimization of spectrum sensing and spectrum access parameters of a cognitive radio sensor network (CRSN) leads to a higher sum throughput of secondary users (SUs) while the interference introduced to primary users (PUs) is kept under certain tolerable level. In this work, first, by using the concept of probabilistic spectrum access, joint spectrum sensing and power allocation is performed in a multiband CRSN. The considered optimization problem is formulated with the aim of maximizing the average opportunistic secondary data rate under constraints on the interference introduced to PU and limited power budget of SU. The considered system model leads to a non-convex optimization problem which is converted into a convex problem. Based on using genetic algorithms, optimal solution of this problem is obtained using two different approaches: i) Lagrange multipliers method and ii) Linear programming method. We provide several numerical simulation results to evaluate the performance of our proposed methods in terms of achievable CR data rate, interference introduced to the PU and convergence properties of the proposed algorithms.

Nowadays, malware propagation has become a major threat in cyber space. Modeling malware propagation process allows us to get a better understanding of the dynamics of malware spreading as well as helping us to find effective defense mechanisms. Due to the security concerns, software diversity has received much attention as a cyber-defense mechanism. In this paper, considering software diversity approach, an epidemic model of malware propagation in scale-free networks is proposed. Software diversity as a defense mechanism reduces the malware propagation process in the network. Simulation results show the effect of different parameters on the malware propagation process. Also, we demonstrate that the assignment of diverse software packages to network nodes reduces the basic reproductive ratio and malware propagation speed in the network. Moreover, the effect of weight's exponent on the speed of malware propagation is investigated.

The complex and persistent attacks of network have been made up of numerous hidden stages. One of the reasons for the ineffectiveness of intrusion detection systems against these attacks is the use of a defense mechanism based on low-level network traffic analysis, in which the hidden relationships between alerts are not addressed. Our assumption is that there is a hidden structural information in traffic data, and we want to define rules in network traffic similar to linguistic rules and use it to describe the patterns of malicious network activity. In this way, the discovery of misuse and anomalous patterns can be well treated as the problem of learning syntactic structures and semantic fragments of the “network language”. In this paper, for the first time in cybersecurity, a new clustering is used named as the clustering of MD_DBSCAN; one of the most advanced types of DBSCAN clustering. In addition, a greedy algorithm inspired by the induction of grammar in natural language processing has been used to recgnize high-level activities and define the relations between activities in different levels, by integrating low-level activities. In the recognition section of high-level activities of the proposed algorithm, for the first time, similarity edition criterion in hierarchical clustering has been added to the existing criteria in the base algorithm. According to ROC curves the results show that the accuracy of detection in higher-level activities are about 30% higher than low-level activities. Also by choosing the best setting for threshold parameters in attack detection algorithms, we had the highest F1 score in different levels from 1 to 3: 72.3 , 96.2, 96.4. which means that in general we have had the improvement of about 0.2 compared to the base algorithm.