فصلنامه پدافند الکترونیکی و سایبری
سال یازدهم شماره 2 (پیاپی 42، تابستان 1402)

The Internet of Things is a network of physical devices and equipment that includes sensors, software, and other technologies for exchanging data with other devices and systems over the Internet. The spread of the Internet of Things in the fields of smart health, smart agriculture, smart city, smart home, has revolutionized human life. Given the importance of the Internet of Things, identifying anomalies and malicious traffic is essential to maintaining privacy, network stability, and blocking unwanted behaviors. Due to the limited resources on IoT devices, traditional methods cannot be used directly to secure IoT devices and networks. To solve this problem, an artificial neural network-based identification method and in-depth learning has been developed to identify malformations and malicious traffic about which there is no predefined information. The data set used in this method is a combination of malicious and healthy traffic collected from related sources and feature extraction manually. Deep artificial neural network was applied to the data set and preprocessed and the results were analyzed with some conventional machine learning algorithms. The results show that the model designed using neural network and deep learning is able to detect anomalies and malicious traffic in the Internet of Things with an accuracy rate of more than 98.9% and an accuracy rate of 99.3%. In addition, the detection speed is 1.7 times faster than machine learning algorithms.

Threat-tolerability as an innovative bilateral concept that focuses on the analysis of insider/adversary behavior is proposed. A zero sum differential game is designed to model the interaction between the two introduced state variables, threat and tolerability. A Lanchester-type equations is used to present the dynamics of threat-tolerability due to contradictory behavior of insider and adversary. The main advantage of the proposed method is that it could help to optimize the two side player’s strategies and actions during the game period based on threat-tolerability dynamic. As the game progresses each player observes game position, i.e., the threat level for targets and tolerability level for insider and tries to schedule its resources to influence final game’ profits. Player could resolve offensive, defensive and maneuvering share on total available resources. Deciding on extent resources used for each strategy can be considered as control input for each player to change game’s profits. A simple tracking scenario is used to demonstrate how threat and tolerability dynamics could be used as a tool for optimal resource assignment.

Smartphones are now well integrated with advanced capabilities and technologies such as the Internet. Today, due to the facilities and capabilities and the widespread use of smart mobile devices, mobile security has become a vital issue worldwide. Smartphones are not properly protected compared to computers and computer networks, and users do not consider security updates. Recently, mobile devices and networks have been targeted by one of the most dangerous cyber threats known as botnets. Mobile Bantent An enhanced example of Boutons has the ability to perform malicious operations such as denial of service attacks, data theft, eavesdropping, and more. Bunters use three communication protocols: HTTP, SMS and Bluetooth to communicate with each other; So when users are not connected to the Internet, botnets are able to communicate with each other. In this study, to identify mobile batonet from 14 Android baton families, including 1932 samples of Android mobile devices applications and 4304 samples of safe and secure Android mobile devices applications have been used. Application permissions were extracted for reverse engineering to automatically classify and detect types of botnets, then based on these permissions, each application was converted to an equivalent image using the proposed method. Labeled images were then used to train convolutional neural networks. The results of evaluation and comparison of this method with classical methods including backup vector machine and decision tree showed that the proposed method is able to achieve higher efficiency in detecting different types of botnets and separating it from healthy programs

This paper proposes the use of a trusted decoder and forward (DF) Unmanned Aerial Vehicle (UAV) relay to establish a covert communication between a terrestrial transmitter (Alice) and a receiver (Bob), which is located in a remote area outside the allowable transmitting radius of Alice. The terrestrial transmitter uses the Maximum Ratio Transmission (MRT) technique and several antennas to send the covert signal, and also the UAV relay operates in a Full-Duplex frequency band so that in addition to relaying Alice’s signal message to Bob, it also sends disturbance signals to increase the covert transmission detection error by the eavesdropping UAV. In this paper, the source-based jamming scheme (SBJ) is used to avoid the need of using an external jammer in the network. First, the covert transmission conditions in the mentioned network have been investigated and the optimal detection thresholds of the eavesdropping UAV have been obtained with respect to the terrestrial transmitter and the UAV relay. In the simulations, the effects of using multiple antennas at the transmitter as well as the location of the eavesdropping UAV have been investigated to indicate the effectiveness of the proposed covert communication relay scheme with the help of a UAV relay.

During the very last decade, people have been spending lots of time working with social networks to interact with friends and to share information, thoughts, news, and etc. These social networks comprise a very important part of our daily lives. Along with the exploitation of the development of social networks, finding influential individuals in a social network has many practical functions in marketing, politics, and even control of the diseases. In the present research, a novel method called the dynamic generalized vulture algorithm has been proposed to solve influence maximization problems. Regarding the fact that in real world social networks own very dynamic and scalable nature, through our proposed algorithm, we have considered two important criteria which have been rarely taken into consideration in previous projects. The first criterion is due to the network structure change during time pass and the other refers to scalability. The suggested algorithm was measured considering standard data sets. The results showed that the proposed algorithm has been more scalable and has had higher precision in locating the most influential tops in such networks compared with other algorithms due to the reduction of search area and using several different mechanisms during navigation and optimization, balance creation and moving through these stages.

Cyber-physical systems were introduced with the introduction of the cyber sector into physical systems and the emergence of Industry 4.0. Although the main purpose of this combination has been to increase the efficiency, stability and manageability of physical systems, but this combination and integration has created very serious threats to physical systems. Successful attacks on these systems may lead to disruption or physical damage such as damage to equipment, products or even damage to humans. Therefore, the security of cyber-physical systems has become one of the important research topics. In this article, a method for quantitative assessment of security risk in cyber-physical systems is presented. This method divides the important and vital components affecting the security risks of cyber-physical systems into two categories: attacker profile and system profile, and quantitatively estimates the risk based on the index components of these two profile categories. These components include attack possibility, attack detection, attacker's knowledge of the target system, time to failure, system cost, system recovery and repair cost, and vulnerability rate. Finally, in order to demonstrate the applicability, the proposed method has been applied to a cyber-physical system and the security risk has been evaluated.

Nowadays, Android-based devices such as smart phones, tablets, and recently virtual reality headsets have found increasing usage in our daily lives. Along with the development of software for these devices, new malicious applications are released by intruders, which are more difficult to identify and deal with because they use more sophisticated methods. Although methods have been provided to calculate the security risk and identify malicious apps, but with the expansion of the level and depth of their threats, the need for new methods in this field is still required. In this study, we have presented a new algorithm to calculate the security risk of Android apps, which can be used to identify malicious apps from benign ones. In this algorithm, to estimate the security risk of an input app, the nearest neighbors of the type of malicious apps and the nearest neighbors of the type of normal apps are determined separately using Hamming distance. Then, based on the criteria presented in this article, the security risk of an unknown input app can be computed. After implementing this algorithm and adjusting the parameter of the number of neighbors with the help of real data, extensive various experiments were conducted in order to evaluate the proposed method. In these experiments, the proposed method was compared with three previously known methods in the context of detecting malicious apps, using four different datasets. The results show the higher detection rate of the proposed method in most cases.

Satellite communication is considered a significant part of the enemy's communication information in electronic warfare due to its unique features and widespread use in communication systems. Therefore, from the electronic support (ES) perspective, monitoring ability and identifying and analyzing enemy satellite network communication are very important. However, the new CNC technology in satellite communication has challenged the detection and analysis of the communication signal based on this technology in non-cooperative receivers, due to the nature of time-frequency overlaps. So far, no method for detecting the presence of interfering signals has been presented in open scientific literature. In this paper, the statistical cyclostationary properties of communication signals are used as a new method of detecting in-band interference in CNC satellite communication. To achieve this goal, first, the cyclic autocorrelation function for interfering signals is calculated, and mathematical equations of cyclic power spectrum density function are developed for interfering signals with less computational complexity. Then, using periodicity statistical properties of signals, in-band interference will be detected and the carrier frequencies of each interfering signal are also estimated. The results of the simulations show that the probability of correctly identifying the interference and estimating the carrier frequency in the time-frequency interference of two signals with BPSK and QPSK modulations is different. In BPSK modulation, the probability from the signal-to-noise ratio of -10dB is constant and around 98%, but in QPSK modulation, it increases from the signal-to-noise ratio of 0dB and reaches 80% in the signal-to-noise ratio of 35dB.

Test data generation is one of the costly parts of the software testing, which is performed according to the designed test cases. The problem of designing test cases and then generating optimized test data is one of the challenges of the software testing, including the mutation testing technique. mutation testing has the ability to measure the test cases quality and determine the adequate test cases. However, to perform mutation testing, you need a test set that provides the maximize Coverage of source code and thus have the ability to identify the program errors. In this work, we use code coverage techniques to design test cases and automatically generate optimized test data using the meta-heuristic FA-MABC algorithm. The results are a test suite that cover and test the maximum number of source code lines. Such test suite is more likely to identify errors and get a higher score in the mutation testing. In the proposed method to obtain effective test cases, first generated test cases are applied to mutation testing and then effective test cases are extracted using the Extinguished mutation table. The results of the evaluation show that the FA-MABC algorithm reduces the time of the test data generation, and “modified condition / decision coverage”, increases the mutation score.

Deflecting missile’s radar guidance or missile’s seeker by chaff is a common and effective defensive method which is used in military vessels. To counter this defensive measure, methods for recognition targets from chaff have been developed, which generally focus on the special features of chaff or target. These features should be able to perform properly in different operating conditions of the radar or different environmental conditions that change the behavior of the radar. But there is no effective feature that can distinguish target from chaff with appropriate accuracy in all conditions, and different features do not have the same performance in different environmental conditions or radar working parameters such as different waveforms and as a result their performance changes. In this article, by using artificial neural network, a structure is presented for detecting chaff and target in a radar, whose performance in different environmental conditions and waveforms has been better than the existing methods and significantly improved the accuracy of target detection from chaff and led to appropriate accuracy. Also, to improve the performance of the radar with a cognitive approach, its transmitted waveform is optimally selected and changed at each stage. For this purpose, a feedback neural network with LSTM layers has been used, which suggest the optimal waveform according to changes in the environment. The general structure of the proposed method is so that first of all, by using pre-processing on the received radar data, the features of symmetry, Doppler spread and AGCD are extracted, which contain information that separates the target from the chaff. Then, to remove the effect of noise on these features, thresholding is used. Finally, these features are used to correctly distinguish the target from the chaff in a feed-forward neural network with fully connected layers. On the other hand, in each step, by using the waveform suggestion network, the optimal waveform is selected and used for the next moment. Thus, the proposed structure is an intelligent machine that, in addition to recognizing the target from the signal at each moment, determines what the optimal waveform should be at the next moment. At the end, the effectiveness of this method in comparison to the previous methods, that is, thresholding on the characteristics of symmetry, Doppler and AGCD in distinguishing the target from the chaff is evaluated. It is observable the performance of the proposed system has made a significant improvement.