Journal of Information Security and Cybercrimes Research http://journals.nauss.edu.sa/index.php/JISCR <p style="text-align: justify;">Journal of Information Security and Cybercrimes Research ( JISCR ) is an academic, refreed, and periodic journal. It is a journal published by Naif Arab University for Security Sciences (NAUSS). It publishes specialized researches on the Information Security and their pertinent topics in order to disseminate the comprehensive concept of security.</p> en-US <p>&nbsp; &nbsp; &nbsp; You must read and accept the copyright terms and conditions(<a href="https://journals.nauss.edu.sa/index.php/JISCR/Copyrights" target="_blank" rel="noopener">click here for&nbsp;copyright terms</a>).</p> journals@nauss.edu.sa Journals.Support@nauss.edu.sa Tue, 30 Jul 2019 10:35:43 +0300 OJS 3.2.0.3 http://blogs.law.harvard.edu/tech/rss 60 Secure Mobile Computing Authentication Utilizing Hash, Cryptography and Steganography Combination http://journals.nauss.edu.sa/index.php/JISCR/article/view/861 <p>In this paper, we propose a modification for security authentication systems in mobile devices. Our enhancement is designed to secure information transformation over the internet by combining hash, cryptography and steganography mechanisms. We used the combination for authentication, to secure mobile computing to transfer data in a trusted manner. The proposed work will use hash function to store the secret password to provide increased security. The hashed password is encrypted using AES encryption then hidden inside an image to be called back for authentication whenever needed. The security services provided by this combination mechanisms can assure authenticity, confidentiality, and integrity. Results and comparisons to different options of available mobile computing methods proved that our proposed technique is a promising research direction for real mobile security.</p> Muneera Alotaibi, Daniah Al-hendi, Budoor Alroithy, Manal AlGhamdi, Adnan Gutub Copyright (c) 2019 Journal of Information Security and Cybercrimes Research ( JISCR ) http://journals.nauss.edu.sa/index.php/JISCR/article/view/861 Tue, 30 Jul 2019 00:00:00 +0300 Mitigation of Application Layer DDoS Flood Attack Against Web Servers http://journals.nauss.edu.sa/index.php/JISCR/article/view/860 <p>The Application-layer Distributed Denial of Service (App-DDoS) attack is one of the most menacing types of cyber-attacks that circumvent web servers. Since the attackers have developed different techniques and methods, preventing App- DDoS attacks has become more difficult than ever before. One of the most commonly and targeted protocols in the application-layer is HTTP-GET flooding attacks. The attacker sends a large number of HTTP-GET requests from different infected devices to force the server to assign the maximum resources available in response to every single request. The objective of this attack is to exhaust the server’s resources and deny service to the legitimate users. The App-DDoS attacks affect Quality of Service (QoS) and are extremely costly in terms of resource exhaustion. In this paper, we discuss development and testing of an App-DDoS attack detection and mitigation model in order to defend web servers against threats. Our design model employs three principle states: normal, screening and suspicious. The defense model transits between these modes based on the server load. We use Machine Learning (ML) techniques to provide high detection accuracy of App-DDoS attacks. Our experimental results demonstrate that this defense system is effective against App-DDoS attack.</p> Ahamed Aljuhani, Talal Alharbi, Bradley Taylor Copyright (c) 2019 Journal of Information Security and Cybercrimes Research ( JISCR ) http://journals.nauss.edu.sa/index.php/JISCR/article/view/860 Tue, 30 Jul 2019 00:00:00 +0300 Biometric Feature Extraction for Iris Scans http://journals.nauss.edu.sa/index.php/JISCR/article/view/858 <p>This paper generally seeks to demonstrate understanding and use of iris scans for biometric identification. Salient features of iris are identified, their extracts analyzed critically by use of a soft­ware. The software for extraction of the features is developed on MATLAB platform. Already pre­pared iris scans are used due to lack of scanners and/or very high resolution cameras that would have otherwise assisted to obtain the required dis­tinct features for comparison. The program devel­oped would compare two iris images a time and determine if they came from same individual; what we are referring to as matching. A computer vision algorithm based on The Hough Transform is made use of in determining circles present in the image which are essentially the iris and pupil. The region of interest from which the unique features are obtained would be located between papillary and limbic boundaries. Papillary (between iris and pupil) while limbic boundary is the one demarcat­ing the iris and sclera. The comparison entails first determining codes of the two iris images through generation of separate biometric template for them then using encoding procedure. Hamming distance calculation between the iris codes determines if they match.</p> Muhanned AL-Rawi Copyright (c) 2019 Journal of Information Security and Cybercrimes Research ( JISCR ) http://journals.nauss.edu.sa/index.php/JISCR/article/view/858 Tue, 30 Jul 2019 00:00:00 +0300 Comparative Study of Database Security In Cloud Computing Using AES and DES Encryption Algorithms http://journals.nauss.edu.sa/index.php/JISCR/article/view/859 <p>Security is consider as one of the largest part important aspects in daily computing. The security is important in cloud computing especially for data save in cloud because it have sensitivity and import data as well many user can access to same data. Unfortunately the increase of the cloud user has been accompanied with a increase in malicious action in the cloud and data not be completely trustworthy. Because of that the cloud computing security become big issue in the cloud data. The danger of malicious in the cloud and the crash of cloud services have received a strong interest by researchers. Here, we present a comparative study between state-of-art approaches to overcome these issues. This paper test and compare between the Data Encryption Standard (DES) and Advanced Encryption Standard (AES) in term of different input size that result the AES is faster than DES in the encryption time but in decryption the DES faster than AES from 20KB to 100 KB after that the DES rise sharply and AES rise slightly that make ASE faster than DES in the decryption time from 120 KB to 300KB. </p><p> </p> Nora Abdullah Al-gohany, Sultan Almotairi Copyright (c) 2019 Journal of Information Security and Cybercrimes Research ( JISCR ) http://journals.nauss.edu.sa/index.php/JISCR/article/view/859 Tue, 30 Jul 2019 00:00:00 +0300 Vertical Fragmentation for Database Using FPClose Algorithm http://journals.nauss.edu.sa/index.php/JISCR/article/view/862 <p>Vertical fragmentation technique is used to enhance the performance of database system and reduce the number of access to irrelevant instances by splitting a table or relation into different fragments vertically. The partitioning design can be derived using FPClose algorithm, which is a data mining algorithm used to extract the frequent closed itemsets in a dataset. A new design approach is implemented to perform fragmentation. A benchmark with different minimum support levels is tested. The obtained results from FPClose algorithm are compared with the Apriori algorithm.</p> Arwa S. Al-Shannaq, Sultan Almotairi Copyright (c) 2019 Journal of Information Security and Cybercrimes Research ( JISCR ) http://journals.nauss.edu.sa/index.php/JISCR/article/view/862 Tue, 30 Jul 2019 00:00:00 +0300 A URL with Image-based Feature Extraction for Preventing Phishing Attacks http://journals.nauss.edu.sa/index.php/JISCR/article/view/857 <p>Currently, Phishing is a type of attack in which cyber criminals tricks the victims to steal their personal and financial data. It has become an organized criminal activity. Spoofed emails claiming to be from legitimate source are crafted in a way to lead victims to reveal their personal, financial data by misdirecting them to the counterfeit website. We compared previous password protection solutions, some of the presented solutions use specialized equipment or additional servers to protect passwords. Other solutions are prone to spoofing and phishing attacks as well as introduce usability issues. Also these solutions do not address the challenge of protecting passwords against the adversary who can, for instance, exploit server-side software vulnerabilities. Our goal is enhancing the best solution to prevent phishing by alerting the users from phishing websites when detected based on URL with image-based feature extraction method.</p> Dyaa Eldeen Nasr Motawa, Ahamed El Shrief Copyright (c) 2019 Journal of Information Security and Cybercrimes Research ( JISCR ) http://journals.nauss.edu.sa/index.php/JISCR/article/view/857 Tue, 30 Jul 2019 00:00:00 +0300