Performance comparison of intrusion detection systems and application of machine learning to Snort system

This study investigates the performance of two open source intrusion detection systems (IDSs) namely Snort and Suricata for accurately detecting the malicious traffic on computer networks. Snort and Suricata were installed on two different but identical computers and the performance was evaluated at 10 Gbps network speed. It was noted that Suricata could process a higher speed of network traffic than Snort with lower packet drop rate but it consumed higher computational resources. Snort had higher detection accuracy and was thus selected for further experiments. It was observed that the Snort triggered a high rate of false positive alarms. To solve this problem a Snort adaptive plug-in was developed. To select the best performing algorithm for Snort adaptive plug-in, an empirical study was carried out with different learning algorithms and Support Vector Machine (SVM) was selected. A hybrid version of SVM and Fuzzy logic produced a better detection accuracy. But the best result was achieved using an optimised SVM with firefly algorithm with FPR (false positive rate) as 8.6% and FNR (false negative rate) as 2.2%, which is a good result. The novelty of this work is the performance comparison of two IDSs at 10 Gbps and the application of hybrid and optimised machine learning algorithms to Snort

A Survey on Biometrics and Cancelable Biometrics Systems

Now-a-days, biometric systems have replaced the password or token based authentication system in many fields to improve the security level. However, biometric system is also vulnerable to security threats. Unlike password based system, biometric templates cannot be replaced if lost or compromised. To deal with the issue of the compromised biometric template, template protection schemes evolved to make it possible to replace the biometric template. Cancelable biometric is such a template protection scheme that replaces a biometric template when the stored template is stolen or lost. It is a feature domain transformation where a distorted version of a biometric template is generated and matched in the transformed domain. This paper presents a review on the state-of-the-art and analysis of different existing methods of biometric based authentication system and cancelable biometric systems along with an elaborate focus on cancelable biometrics in order to show its advantages over the standard biometric systems through some generalized standards and guidelines acquired from the literature. We also proposed a highly secure method for cancelable biometrics using a non-invertible function based on Discrete Cosine Transformation (DCT) and Huffman encoding. We tested and evaluated the proposed novel method for 50 users and achieved good results

Biometrics based privacy-preserving authentication and mobile template protection

Smart mobile devices are playing a more and more important role in our daily life. Cancelable biometrics is a promising mechanism to provide authentication to mobile devices and protect biometric templates by applying a noninvertible transformation to raw biometric data. However, the negative effect of nonlinear distortion will usually degrade the matching performance significantly, which is a nontrivial factor when designing a cancelable template. Moreover, the attacks via record multiplicity (ARM) present a threat to the existing cancelable biometrics, which is still a challenging open issue. To address these problems, in this paper, we propose a new cancelable fingerprint template which can not only mitigate the negative effect of nonlinear distortion by combining multiple feature sets, but also defeat the ARM attack through a proposed feature decorrelation algorithm. Our work is a new contribution to the design of cancelable biometrics with a concrete method against the ARM attack. Experimental results on public databases and security analysis show the validity of the proposed cancelable template

A cancelable iris- and steganography-based user authentication system for the Internet of Things

Remote user authentication for Internet of Things (IoT) devices is critical to IoT security, as it helps prevent unauthorized access to IoT networks. Biometrics is an appealing authentication technique due to its advantages over traditional password-based authentication. However, the protection of biometric data itself is also important, as original biometric data cannot be replaced or reissued if compromised. In this paper, we propose a cancelable iris- and steganography-based user authentication system to provide user authentication and secure the original iris data. Most of the existing cancelable iris biometric systems need a user-specific key to guide feature transformation, e.g., permutation or random projection, which is also known as key-dependent transformation. One issue associated with key-dependent transformations is that if the user-specific key is compromised, some useful information can be leaked and exploited by adversaries to restore the original iris feature data. To mitigate this risk, the proposed scheme enhances system security by integrating an effective information-hiding technique-steganography. By concealing the user-specific key, the threat of key exposure-related attacks, e.g., attacks via record multiplicity, can be defused, thus heightening the overall system security and complementing the protection offered by cancelable biometric techniques

Cyber Security- A New Secured Password Generation Algorithm with Graphical Authentication and Alphanumeric Passwords Along With Encryption

Graphical passwords are always considered as an alternative of alphanumeric passwords for their better memorability and usability [1]. Alphanumeric passwords provide an adequate amount of satisfaction, but they do not offer better memorability compared to graphical passwords [1]. On the other hand, graphical passwords are considered less secured and provide better memorability [1]. Therefore many researchers have researched on graphical passwords to overcome the vulnerability. One of the most significant weaknesses of the graphical passwords is Shoulder Surfing Attack, which means, sneaking into a victim\u27s computer to learn the whole password or part of password or some confidential information. Such kind of attacks is called as Shoulder Surfing Attack. Many researchers have presented various ideas to curb the shoulder surfing attack. However, graphical passwords are still vulnerable to this attack. Therefore, in the present thesis, the solution for shoulder surfing attack is analyzed and a new algorithm is developed to provide better algorithm with memorability as well as very strong password using the encryption. For alphanumeric passwords, dictionary attack, and brute force attack are critical potential threats to be taken care off. Dictionary attacks mean, attacking every word from the dictionary to crack the password, whereas, brute force attack means, applying all different kind of combinations to crack the password. Thus, both protection methods have their pros and cons and, therefore in this thesis, the possible solution has been researched to provide more secure technique. Encryption is another essential technique in the field of cybersecurity. The history of encryption dates back to World War 2, where German forces used its encryption technique for the first time, and this encryption has been developed a lot with the consistent contribution of many researchers. Starting from the German encryption technique, the present encryption field has evolved a lot and compared to its primitive form; the current encryption techniques are more secured. In the encryption, various cryptosystems have been developed, and due to consistently developed computational power, attackers have compromised various cryptosystem. One of the essential cryptosystems is the MD family cryptosystem. In the MD family, a few members have been compromised whereas members such as MD5, had inbuilt algorithm flow and therefore they became vulnerable for different reasons. In this thesis, the research has been done with Whirlpool encryption, which is never compromised as of now. However, before using the Whirlpool encryption, the string has been processed with multiple steps, such as, perception, shifting of characters, splitting the string into chunks, and then each piece has been encrypted to populate 128 characters long password for each fragment and thus, the algorithm to generate 1280 characters long passwords is proposed which are immune to linear attacks, dictionary attacks, brute force attacks, and shoulder surfing attack. After the research, the computational time is also calculated for the modern computer (8 core, 2.8 GHz) as well as the present Supercomputers which are 100000 times faster than a modern computer. After all the research, the conclusion and future work are also mentioned for future research

Cancelable iris Biometrics based on data hiding schemes

The Cancelable Biometrics is a template protection scheme that can replace a stolen or lost biometric template. Instead of the original biometric template, Cancelable biometrics stores a modified version of the biometric template. In this paper, we have proposed a Cancelable biometrics scheme for Iris based on the Steganographic technique. This paper presents a non-invertible transformation function by combining Huffman Encoding and Discrete Cosine Transformation (DCT). The combination of Huffman Encoding and DCT is basically used in steganography to conceal a secret image in a cover image. This combination is considered as one of the powerful non-invertible transformation where it is not possible to extract the exact secret image from the Stego-image. Therefore, retrieving the exact original image from the Stego-image is nearly impossible. The proposed non-invertible transformation function embeds the Huffman encoded bit-stream of a secret image in the DCT coefficients of the iris texture to generate the transformed template. This novel method provides very high security as it is not possible to regenerate the original iris template from the transformed (stego) iris template. In this paper, we have also improved the segmentation and normalization process

Privacy in Biometric Systems

Biometrics are physiological and/or behavioral characteristics of a person that have been used to provide an automatic proof of identity in a growing list of applications including crime/terrorism fighting, forensics, access and border control, securing e-/m-commerce transactions and service entitlements. In recent years, a great deal of research into a variety of new and traditional biometrics has widened the scope of investigations beyond improving accuracy into mechanisms that deal with serious concerns raised about the potential misuse of collected biometric data. Despite the long list of biometrics’ benefits, privacy concerns have become widely shared due to the fact that every time the biometric of a person is checked, a trace is left that could reveal personal and confidential information. In fact, biometric-based recognition has an inherent privacy problem as it relies on capturing, analyzing, and storing personal data about us as individuals. For example, biometric systems deal with data related to the way we look (face, iris), the way we walk (gait), the way we talk (speaker recognition), the way we write (handwriting), the way we type on a keyboard (keystroke), the way we read (eye movement), and many more. Privacy has become a serious concern for the public as biometric systems are increasingly deployed in many applications ranging from accessing our account on a Smartphone or computer to border control and national biometric cards on a very large scale. For example, the Unique Identification Authority of India (UIDAI) has issued 56 million biometric cards as of January 2014 [1], where each biometric card holds templates of the 10 fingers, the two irises and the face. An essential factor behind the growing popularity of biometrics in recent years is the fact that biometric sensors have become a lot cheaper as well as easier to install and handle. CCTV cameras are installed nearly everywhere and almost all Smartphones are equipped with a camera, microphone, fingerprint scanner, and probably very soon, an iris scanner

LocBiometrics: Mobile phone based multifactor biometric authentication with time and location assurance

The continuing growth of Smartphones and Superphones has significantly increased mCommerce. The security of personal information on the phone and lack of the face-to-face identification has made the authentication process prone to identity theft and false impersonation. Biometric authentication offers personal identification but is missing the real-time and precise-position associated with the person. This paper proposes the use of freshly generated real-time personal-data and present-position to form a “one-time multi-factor biometric” representation. i.e. using GPS "time and location" to stamp the user’s fresh biometric data on the phone side, and then, the authenticator will compare this information with the position of the phone obtained independently from the cellular network at that instant in time