Search Results (3)

Computer security depends mainly on passwords to protect human users from attackers. Therefore, manual and alphanumerical passwords are the most frequent type of computer authentication. However, creating these passwords has significant drawbacks. For example, users often tend to choose passwords based on personal information so that they can be memorable and therefore weak and guessable. In contrast, it is often difficult to remember if the password is difficult to guess. We propose an intelligent security model for password generation and estimation to address these problems using the ensemble learning approach and hand gesture features. This paper proposes two intelligent stages: the first is the password generation stage based on the ensemble learning approach and the proposed S-Box. The second is the password strength estimation stage, also based on the ensemble learning approach. Four well-known classifiers are used: Multi-Layer Perceptron (MLP), Support Vector Machine (SVM), Random Forest Tree (RFT), and AdaBoost applied on two datasets: MNIST images dataset and password strength dataset. The experimental results showed that the hand gesture and password strength classification processes accurately performed at 99% in AUC, Accuracy, F1-measures, Precision, and Recall. As a result, the extracted features of hand gestures will directly impact the complexity of generated passwords, which are very strong, hard to guess, and memorable. Full article

The Internet of Things (IoT) is prone to malware assaults due to its simple installation and autonomous operating qualities. IoT devices have become the most tempting targets of malware due to well-known vulnerabilities such as weak, guessable, or hard-coded passwords, a lack of secure update procedures, and unsecured network connections. Traditional static IoT malware detection and analysis methods have been shown to be unsatisfactory solutions to understanding IoT malware behavior for mitigation and prevention. Deep learning models have made huge strides in the realm of cybersecurity in recent years, thanks to their tremendous data mining, learning, and expression capabilities, thus easing the burden on malware analysts. In this context, a novel detection and multi-classification vision-based approach for IoT-malware is proposed. This approach makes use of the benefits of deep transfer learning methodology and incorporates the fine-tuning method and various ensembling strategies to increase detection and classification performance without having to develop the training models from scratch. It adopts the fusion of 3 CNNs, ResNet18, MobileNetV2, and DenseNet161, by using the random forest voting strategy. Experiments are carried out using a publicly available dataset, MaleVis, to assess and validate the suggested approach. MaleVis contains 14,226 RGB converted images representing 25 malware classes and one benign class. The obtained findings show that our suggested approach outperforms the existing state-of-the-art solutions in terms of detection and classification performance; it achieves a precision of 98.74%, recall of 98.67%, a specificity of 98.79%, F1-score of 98.70%, MCC of 98.65%, an accuracy of 98.68%, and an average processing time per malware classification of 672 ms. Full article

This paper presents an adaptable password guessability service suited for different password generators according to what a user might need when using such a service. In particular, we introduce a flexible cloud-based software architecture engineered to provide an efficient and robust password guessability service that benefits from all the features and goals expected from cloud applications. This architecture comprises several components, featuring the combination of a synthetic dataset generator realized via a generative adversarial network (GAN), which may learn the distribution of passwords from a given dictionary and generate high-quality password guesses, along with a password guessability estimator realized via a password strength estimation algorithm. In addition to detailing the architecture’s components, we run a performance evaluation on the architecture’s key components, obtaining promising results. Finally, the complete application is delivered and may be used by a user to estimate the strength of a password and the time taken by an average computer to enumerate it. Full article