فصلنامه پدافند الکترونیکی و سایبری
سال دهم شماره 2 (پیاپی 38، تابستان 1401)

In Passive Defense, security of communication is very important. Free Space Optic (FSO) communication has a lot of advantages such as high security and high bandwidth. But it suffers from atmospheric turbulence. For mitigation of this effect on FSO performance some methods have been proposed, such as transmitting with the Adaptive Rate (AR) and Automatic Repeat Request (ARQ). In this paper, the performance of hybrid FSO/RF systems with multi-layer design by transmitting AR and ARQ in different conditions of atmospheric turbulence is evaluated by using the ℳ distribution model for optical channel. For two designs (multi-layer with AR and standard-ARQ, and multi-layer with AR and ARQ by frame combining), the Spectral Efficiency criteria, the Average Expected Number and the Level Crossing Rate (LCR) have been compared. The simulation results show that at the first transmission rate, maximum LCR= 80, occurs at the SNR equals to 6dB and 2dB, for the first and the second designs, respectively. Also, at average Spectral Efficiency (3.5 bits /sym), at the persistence level k=2, occurs at the SNR equals to 25dB and 20dB, for the first and the second designs, respectively; which shows the advantages of the second design over the first. Although for these advantages we have to spend more cost. For example, when SNR equals to 20 dB, the Average Expected Number will be 1.00057 in the first and will be 1.35 in the second design, which indicates the higher energy consumption of the second design.

The number of cyber-attacks impressing power systems and leading to physical and economic damages has grown swiftly over the last decade. Among the significant types of cyber-attacks, false data injection attacks (FDIAs) are a class which effect on power network monitoring systems. FDIAs endanger the power grid with manipulating the power system state estimation (SE). Also, electricity theft has revealed as another purpose of the FDAIs, recently. Machine learning based methods has known as one of the FDIAs detection approaches. In this paper, first, with using deep auto-encoder method, the dimensions of the problem and the number of entry data for problem classification and detection are reduced. Then, by employing support vector machine (SVM) approach and data learning method, the detection procedure of cyber-attacks is performed. Also, by changing the number of under training data, the precision of the proposed approach has improved. The presented method is evaluated on the IEEE 14 and 118 bus systems. The obtained simulation results demonstrate that the new method can successfully applied for the accurate and effective detection of FDIAs.

Physical layer secret key generation schemes, usually have two serious challenges in static point-to-point communications: 1) low key generation rate due to low entropy of channel state information and 2) security vulnerability at non-proximity regions due to spatial correlation. To solve the first challenge, local random generator-based schemes can be used. One of these schemes is mutual random phase injection, in which the channel probing signals with random phase are exchanged between the legitimate parties. In this paper, the security of the aforementioned scheme is reviewed in a static point-to-point link with a geometric secrecy approach. For this purpose, the vulnerability regions and secrecy regions are determined, and then a closed expression is provided for the key error probability. Moreover, based on the entropy analysis, the amount of eavesdropper’s equivocation about the key is calculated. The analytical results show that the eavesdropper’s equivocation is very low in static environments. In order to mitigate this weakness, we propose the idea of probing over multiple carrier frequencies instead of one frequency. The aim of this idea is to alter the equivalent channel phase, which leads to a significant increase in key entropy. As an example, the analytical results show that in static environments if single-bit quantization is utilized, the eavesdropper's equivocation about the key equals the number of different carrier frequencies which are used in the probing phase; so if channel probing is performed on a single frequency, the eavesdropper's equivocation will be only one bit, while, using the suggested idea, the eavesdropper's equivocation will be multifold. The simulation results show that if the probing process is performed on several frequencies, the vulnerability regions will decrease and the secrecy regions will increase. At the end of the paper, some suggestions are provided for further research in this field.

Using Ad hoc approach with features such as distributed management between nodes, facilitating their entry and exit into the network and the possibility of better mobility is one of the desirable options for configuration of wireless networks. This sturcture leads to dynamic behavior of the traffic generated by applications in such networks, which affects the issue of network management and traffic control between nodes and this challenge is more important in military networks. Identifying and classifying network traffic can help to deal with these challenges in wireless networks. Because conventional traffic detection and classification methods are not able to provide proper performance with such traffic, the use of machine-learning-based methods can be used to improve the detection and classification performance. In this paper, In this article, the goal is to find a specific network traffic and hence the probability of detection and preventing to make a wrong decision as false alarm rate are introduced which increasing the probability of detection of impermissible traffic is our request. Therefore, in this paper a new hybrid method, based on the combination of machine learning methods is introduced to increase accuracy and efficiency in identifying and classifying traffic in the wireless network based on wireless traffic dataset. The results show that the proposed method improve the detection of a special target without considerable increase in false alarm rate, compared to the case of employing unique machine learning methods.

Nowadays, similar texts recognition is a subject with many applications that due to its importance, has been analyzed and studied by researchers in different languages. In the past, sentences were often used as a set of words to be understood by computer systems. But today, with the spread of technology and the use of deep neural networks, the main concept of sentences can be extracted from the sentences themselves. Therefore, achieving a model that can encode sentences and extract the main concept of the sentence as accurately as possible is one of the essential needs for this purpose.This paper proposes to reach the degree of semantic similarity between sentences and uses deep learning methods. As the deep learning methods need many data, this paper gains an interlinguistic mapping idea. The proposed method maps English word embedding vector space to Persian, and Persian sentence similarity is calculated by a trained model in English. Finally, the final results are compared with human scores. The results of the proposed method show the accuracy of this proposed system to be 89%, which is the superior to other deep learning models.

Fuzzing means repeatedly running program under test by modified inputs, with the aim of finding vulnerabilities in it. If program inputs under test have a complex structure, generating modified inputs for fuzzing is not an easy task. Best solution in these cases is to use the input structure of the program under test to produce accurate test data. The problem is that maybe the input structure documentation of program under test not be available. Human understanding of such complex structures is also very difficult, costly, time consuming, and prone to human errors. To overcome to above problems, use of machine learning and deep neural networks to automatically learn the complex structures of program inputs and generate test data tailored to this structure has been proposed. One of main challenges in this field is using appropriate deep learning model to intended usage. In this paper, suitable deep learning models for learning and test data generation in file-based fuzzers are studied. Also by introducing appropriate parameters to performance evaluation, the evaluation has performed. So recurrent neural networks and its derivations introduced as best deep learning models for text data. Also, effective parameters to performance evalution include training time, loss value in training and evaluate time. Loss value as main parameter once used in various deep learning models with same structure and again in same deep learning models with various structures to select best deep learning model.

With the development of web application software, the challenge of conventional intrusion detection systems against web-based attacks is their lack of access to application layer and web platform features. The proliferation of PHP server-side languages has led to the creation of unreliable applications and security issues in the language’s software. Remote code execution attack is one of the most important web application due to allowing remote access to the processor device and executing the operating system shell commands. Modifying the architecture of network layer intrusion detection systems to application layer and applying layered detection approach using signature-based detections methods and behavior in PHP application software provides remote code execution attacks. In this research, using the layered approach of PHP web application intrusion detection system approach, with 90.4% and 95% accuracy in the signature and behavior based approach, remote code execution attacks are detected.

The EEG-based Guilty Knowledge Test (GKT) is one of the most frequent lie detection methods. Recurrence plot analysis is a conventional chaotic signal processing method applied in different lie detection studies. One of the most important challenges of this method is selecting the appropriate threshold as the criterion of state recurrence in phase space. Inappropriate selection of this threshold significantly affects the performance of this method. So in this study, the fuzzy recurrence plot was applied to overcome this challenge. This method was applied to transform EEG trials into grayscale texture images. Then, Gray-Level Co-Occurrence Matrix (GLCM) was used to extract texture features from these images. Finally, The extracted features were classified using the K-NN classifier. The classification results of the 4-D feature vectors with 90% accuracy indicate the superiority of this method compared to the classic RQA method with 13-D feature vectors. Moreover, this reduction in feature vector dimension improves train and test speed and generalization of the KNN as a Lazy learner.

Road slippery detection is one of the main factors in order to increase road and passenger safety, as well as the development of autonomous vehicles and related technologies. In this regard, various researches have been done with different methods and sensors, using different data such as image, sound and wave frequency. In this article, we have detecetd the road slippery without the use of expensive sensors and methods and only using CCTV images on the roads and based on convoloudnational neural networks. The main idea of this research is the use of transfer learning approach. Therefore, first, the importance and benefits of using transfer learning are expressed in the form of network training with InceptionNetv3 architecture. In the next step, a ResNet50 CNN and a recurrent neural network are combined by using a new framework called GFNet and are trained by using transfer learning. Finally, a tool with the ability to detect the road surface, in three classes of dry, wet and snow, has been obtained with an accuracy of 96.33%.

Today, large-scale vehicles are scattered in different parts of the city and therefore need to be controlled by programmed systems. Automatically finding vehicles in the image and categorizing them is complicated because vehicles come in so many different shapes, colors, and models, and their designs are so different. Therefore, different methods of image analysis have been proposed to solve this problem. But there are some challenges such as the multiplicity of images in a scene, the coherence of the image of the vehicle and the background of the image, the presence of noise in the images, the tolerance to changes in light. In recent years, the use of deep neural networks has been proposed as an effective tool in identification despite the diversity of environmental conditions and objects. But the challenge of using deep neural networks is their high computational load. In this paper, a new approach is used to identify the type of vehicles, which uses a combination of VGG neural network and Yolo image separation and tracking algorithm. This method improves the challenges of the previous methods and also reduces the computational load. The images are taken from two databases, ImageNet and COCO, and these databases are used to train and test the neural network. The results show that the designed system solves many problems well, including increasing the speed of vehicle detection and the problem of computational load. The detection accuracy has increased by 4 to 5% compared to previous systems and has reached about 98%. The advantages of this approach include high-quality image detection and the use of a YOLO algorithm with an acceptable speed in detecting the type of vehicle.

Cyber deception technology is part of the process of identifying and responding to incidents. This technology helps the security team identify and analyze advanced threats by persuading an attacker to strike fake resources. The deception approach is to create a high-precision warning about high-risk behaviors. Deception occurs in a variety of ways, including an active defense approach. Active defense is an approach that is based on the establishment of measures to detect, analyze, identify and reduce threats to communication systems and networks in real time by default, which ultimately leads to cyber security. To better understand the techniques used in active defense, we can refer to Honeypot. Honeypot is a trick that is deliberately placed on the net to be explored by an attacker and to record, track and analyze the activities performed. In this project, we have used a low-interaction honeypot to identify malicious activity. Using these technologies and strategies, we have designed an active cyber defense system (SDF). This system has the ability to monitor and real-time detection of abnormalities that occur in the form of functional level of attackers. Both cyber deception and honeypot work on trapping the attacker by misleading, confusing, and etc. But cyber deception technology is an evolution of Honeypot, extending its limited capabilities.

The growing number of malware is one of the major threats in the field of cyber and its detection has always been associated with challenges. Windows-based malicious executable files perform malicious activity at the target operating system level or any other application by manipulating features in their header and obscuring their behavior. Detecting suspicious specimens from a large volume of input samples as well as discovering new and unknown malware is one of the topics that is always researched by researchers. In this study, a combined method has been proposed to determine the level of maliciousness of suspicious executable files. Kashif's proposed method consists of two static modules for extracting executable file header properties, and two behavioral modules for extracting signature-generating properties and a thoughtful behavioral model based on machine learning methods. The purpose of this study is to identify suspicious Windows executable files from the large volume of files and determine their maliciousness level. This method detects malware based on the maliciousness probability of being assigned to each file. Experiments showed a malignancy percentage of six types of malware for PE header detector module, in the range of 62.7 to 70%, Yara-based detector module, in the range of 70.8 to 78.2%, Behavioral signature-based detector module, 98% and ML-based detector module by using Random forest learning algorithm has been 99% accuracy. The experimental results also showed that Kashef detected 94% of the protected malware with a 2% improvement compared to the results of 10 similar products. And with 98% detection of unprotected malware, there is a 5% improvement compared to the results of 10 similar products.