Vahid Tabataba Vakili

Amir Andalib, Vahid Tabataba Vakili

Internet of Things (IoT) brings new challenges to the security solutions of computer networks. So far, intrusion detection system (IDS) is one of the effective security tools, but the vast amount of data that is generated by heterogeneous protocols and "things" alongside the constrained resources of the hosts, make some of the present IDS schemes defeated. To grant IDSs the ability of working in the IoT environments, in this paper, we propose a new distributed dimension reduction scheme which addresses the limited resources challenge. A novel autoencoder (AE) designed, and it learns to generate a latent space. Then, the constrained hosts/probes use the generated weights to lower the dimension with a single operation. The compressed data is transferred to a central IDS server to verify the traffic type. This scheme aims to lower the needed bandwidth to transfer data by compressing it and also reduce the overhead of the compression task in the hosts. The proposed scheme is evaluated on three well-known network traffic datasets (UNSW-NB15, TON\_IoT20 and NSL-KDD), and the results show that we can have a 3-dimensional latent space (about 90\% compression) without any remarkable fall in IDS detection accuracy.

Amir Andalib, Vahid Tabataba Vakili

An intrusion detection system (IDS) is a vital security component of modern computer networks. With the increasing amount of sensitive services that use computer network-based infrastructures, IDSs need to be more intelligent and autonomous. Aside from autonomy, another important feature for an IDS is its ability to detect zero-day attacks. To address these issues, in this paper, we propose an IDS which reduces the amount of manual interaction and needed expert knowledge and is able to yield acceptable performance under zero-day attacks. Our approach is to use three learning techniques in parallel: gated recurrent unit (GRU), convolutional neural network as deep techniques and random forest as an ensemble technique. These systems are trained in parallel and the results are combined under two logics: majority vote and "OR" logic. We use the NSL-KDD dataset to verify the proficiency of our proposed system. Simulation results show that the system has the potential to operate with a very low technician interaction under the zero-day attacks. We achieved 87:28% accuracy on the NSL-KDD's "KDDTest+" dataset and 76:61% accuracy on the challenging "KDDTest-21" with lower training time and lower needed computational resources.

Amirsina Torfi, Sobhan Soleymani, Seyed Mehdi Iranmanesh et al.

Achieving information-theoretic security using explicit coding scheme in which unlimited computational power for eavesdropper is assumed, is one of the main topics is security consideration. It is shown that polar codes are capacity achieving codes and have a low complexity in encoding and decoding. It has been proven that polar codes reach to secrecy capacity in the binary-input wiretap channels in symmetric settings for which the wiretapper's channel is degraded with respect to the main channel. The first task of this paper is to propose a coding scheme to achieve secrecy capacity in asymmetric nonbinary-input channels while keeping reliability and security conditions satisfied. Our assumption is that the wiretap channel is stochastically degraded with respect to the main channel and message distribution is unspecified. The main idea is to send information set over good channels for Bob and bad channels for Eve and send random symbols for channels that are good for both. In this scheme the frozen vector is defined over all possible choices using polar codes ensemble concept. We proved that there exists a frozen vector for which the coding scheme satisfies reliability and security conditions. It is further shown that uniform distribution of the message is the necessary condition for achieving secrecy capacity.

Hashem Moradmand Ziyabar, Mahnaz Sinaie, Ali Payandeh et al.

Recently, arithmetic coding has attracted the attention of many scholars because of its high compression capability. Accordingly, in this paper a method which adds secrecy to this well-known source code is proposed. Finite state arithmetic code (FSAC) is used as source code to add security. Its finite state machine (FSM) characteristic is exploited to insert some random jumps during source coding process. In addition, a Huffman code is designed for each state to make decoding possible even in jumps. Being Prefix free, Huffman codes are useful in tracking correct states for an authorized user when s/he decodes with correct symmetric pseudo random key. The robustness of our proposed scheme is further reinforced by adding another extra uncertainty by swapping outputs of Huffman codes in each state. Several test images are used for inspecting the validity of the proposed Huffman Finite State Arithmetic Coding (HFSAC). The results of several experimental, key space analyses, statistical analysis, key sensitivity and plaintext sensitivity tests show that HFSAC with a little effect on compression efficiency for image cryptosystem provides an efficient and secure way for real-time image encryption and transmission.