Journal of Computing and Security
Volume:7 Issue: 1, Winter and Spring 2020

This paper considers the construction of chaotic dynamic substitution boxes (S-boxes) using chaotic Chebyshev polynomials of the first kind. The proposed algorithm provides dynamic S-boxes with acceptable security performance compared to twenty-one recent schemes. This algorithm is used to generate 80 random 8 × 8 S-boxes and analyzed their security performance. Their average performance shows acceptable security. The security of the generated S-boxes is measured against several mandatory security requirements for S-box designs including bijective property, strict avalanche criterion (SAC), linear approximation probability (LAP), differential approximation probability, bit independence criterion, correlation immunity, algebraic immunity, auto-correlation, and propagation criterion. Moreover, the set of majority logic criterion measures is used to measure the quality and robustness of the generated S-boxes in image encryption. Because obtaining a chaotic sequence with one dimensional Chebyshev polynomials of the first kind is very simpler and efficient than the hyper-chaotic mappings, the proposed algorithm is of lower computational costs compared with recent chaotic S-box generation algorithms.

In security risk management of computer networks, some challenges are more serious in large networks. Specifying and estimating risks is largely dependent on the knowledge of security experts. In this paper, a framework for security risk estimation is proposed to address this issue. It represents the security knowledge required for security risk estimation and utilizes current security metrics and vulnerability databases. This framework is a major step towards automating the process of security risk estimation so that a network administrator can estimate the risk of the network with less expertise and effort. As a case study, the proposed framework is applied to a sample network to show its applicability and usability in operational environments. The comparison of results with two existing methods showed the validity of the estimations given by the proposed framework.

Model-Driven Development (MDD) aims at developing software more productively by using models as the main artifacts. Here, the models with high abstraction levels must be transformed into lower levels and finally executable models, i.e., source code. As a result, model transformation languages/tools play a main role on realizing the MDD goal. The Object-Management Group (OMG) presented the Query/View/Transformation (QVT) as a standard for the Meta-Object Facility (MOF)-based model transformation languages.However, implementing a model transformation language, which supports the full features of the QVT proposal requires a formal model of the underlying concepts. Having common terminology and a formal, precise, and consistent specification facilitates developing dependable transformation languages/tools.This paper aims to provide a formal specification of the main characteristics of a QVT-Relations (QVTr) model transformation language using the Z notation. The proposed formal model can be adapted for formalizing other domain and language concepts too. To show the applicability of the proposed formalism, a simplified version of the classic object-relational transformation is specified. Additionally, we show how the semantics clarifies some outstanding semantic issues in QVTr. The proposed formalism of this paper will pave the way to building support tools for model transformations in a unified manner in MDD.

As a result of an incredibly fast growth of the number and diversity of smart devices connectable to the internet, commonly through open wireless sensor networks (WSNs) in internet of things (IoT), the access of attackers to the network traffic in the form of intercepting, eavesdropping and rebroadcasting has become much easier. Anomaly or intrusion detection system (IDS) is an efficient security mechanism, however despite the maturity of anomaly detection technologies for wired networks, current technologies with high computational complexity are improper for resource-limited WSNs in IoT and they also fail to detect new WSN attacks. Furthermore, dealing with the huge amount of intrusion wireless traffic collected by sensors, causing slow detecting process, higher resource usage and inaccurate detection. Hence, considering WSN limitations for developing an IDS in IoT, establishes a significant challenge for security researchers. This paper proposes a new model to develop a support vector machine (SVM)-based lightweight IDS (LIDS) using combination concepts of genetic algorithm (GA) and mathematical equations of grey wolf optimizer (GWO) which is called GABGWO. The GABGWO through applying two new crossover and mutation operators tries to find the most relevant traffic features and eliminate worthless ones, in order to increase the performance of the LIDS. The performance of LIDS is evaluated using AWID real-world wireless dataset under two scenarios with and without using GABGWO. The results showed a promising behavior of the proposed GABGWO algorithm in choosing optimal traffics, decreasing the computational costs and providing high accuracies for LIDS. The hybrid algorithm is also compared to pure GA and GWO and other recent methods and it is found that its performance is better than them.

With the introduction and standardization of the semantic web as the third generation of the web, this technology has attracted and received more human attention than ever. Thus, the amount of semantic web data is continuously growing, which makes them a rich source of useful data for data mining techniques. Semantic web data have some complexities, such as the heterogeneous structure of data, the lack of well-defined transactions, and the existence of typed relations between items. In this paper, a new technique named SWApriori is presented, which by using both entities and relations in the extraction of frequent itemsets, generates a new class of association rules (ARs) from semantic web data. The proposed technique by considering the complex heterogeneous nature of semantic web data, without any need to a domain expert, and without any data conversion to transactional data format extracts ARs from semantic web data directly. For evaluation, the proposed technique is applied to Factbook and DBPedia datasets. The experimental results demonstrate the ability of the proposed technique in extracting relational ARs from semantic web data by considering the mentioned challenges. Supplementary experiments show that the proposed technique can extract interesting patterns that are not discoverable by state-of-the-art association rule mining techniques.