Mamdouh Alenezi¹, Abhishek Kumar Pandey², Richa Verma³, Mohd Faizan², Shalini Chandra³, Alka Agrawal², Rajeev Kumar^2,4,*, Raees Ahmad Khan²

CMC-Computers, Materials & Continua, Vol.66, No.3, pp. 2283-2299, 2021, DOI:10.32604/cmc.2021.013579

Abstract Design architecture is the edifice that strengthens the functionalities as well as the security of web applications. In order to facilitate architectural security from the web application’s design phase itself, practitioners are now adopting the novel mechanism of security tactics. With the intent to conduct a research from the perspective of security tactics, the present study employs a hybrid multi-criteria decision-making approach named fuzzy analytic hierarchy process-technique for order preference by similarity ideal solution (AHP-TOPSIS) method for selecting and assessing multi-criteria decisions. The adopted methodology is a blend of fuzzy analytic hierarchy process (fuzzy AHP)… More >

Fahad A. Alzahrani^*

CMC-Computers, Materials & Continua, Vol.66, No.3, pp. 2599-2625, 2021, DOI:10.32604/cmc.2021.013124

Abstract Usability and security are often considered contradictory in nature. One has a negative impact on the other. In order to satisfy the needs of users with the security perspective, the relationship and trade-offs among security and usability must be distinguished. Security practitioners are working on developing new approaches that would help to secure healthcare web applications as well increase usability of the web applications. In the same league, the present research endeavour is premised on the usable-security of healthcare web applications. For a compatible blend of usability and security that would fulfill the users’ requirments,… More >

Yuhua Sun¹, Lili Yan^1,*, Zhibin Sun², Shibin Zhang¹, Jiazhong Lu¹

CMC-Computers, Materials & Continua, Vol.66, No.3, pp. 2385-2395, 2021, DOI:10.32604/cmc.2021.012696

Abstract

Private comparison is the basis of many encryption technologies, and several related Quantum Private Comparison (QPC) protocols have been published in recent years. In these existing protocols, secret information is encoded by using conjugate coding or orthogonal states, and all users are quantum participants. In this paper, a novel semi-quantum private comparison scheme is proposed, which employs Bell entangled states as quantum resources. Two semi-quantum participants compare the equivalence of their private information with the help of a semi-honest third party (TP). Compared with the previous classical protocols, these two semi-quantum users can only make

More >

Yichao Zang^1,*, Tairan Hu², Tianyang Zhou², Wanjiang Deng³

CMC-Computers, Materials & Continua, Vol.66, No.3, pp. 2573-2585, 2021, DOI:10.32604/cmc.2021.012220

Abstract Mining penetration testing semantic knowledge hidden in vast amounts of raw penetration testing data is of vital importance for automated penetration testing. Associative rule mining, a data mining technique, has been studied and explored for a long time. However, few studies have focused on knowledge discovery in the penetration testing area. The experimental result reveals that the long-tail distribution of penetration testing data nullifies the effectiveness of associative rule mining algorithms that are based on frequent pattern. To address this problem, a Bayesian inference based penetration semantic knowledge mining algorithm is proposed. First, a directed More >

Waiel M. Eid^1,2, Samer Atawneh¹, Mousa Al-Akhras^1,3,*

Intelligent Automation & Soft Computing, Vol.26, No.6, pp. 1319-1334, 2020, DOI:10.32604/iasc.2020.013678

Abstract The huge number of devices available in cyberspace and the increasing number of security vulnerabilities discovered daily have added many difficulties in keeping track of security vulnerabilities, especially when not using special security tools and software. Mass scanning of the Internet has opened a broad range of possibilities for security tools that help cybersecurity centers detect weaknesses and vulnerabilities in cyberspace. However, one critical issue faced by national cybersecurity centers is the collection of information about IP addresses and subnet ranges. To develop a data collection mechanism for such information and maintain this information with… More >

Fuxiang Yuan, Fenlin Liu, Chong Liu, Xiangyang Luo^*

Intelligent Automation & Soft Computing, Vol.26, No.6, pp. 1403-1417, 2020, DOI:10.32604/iasc.2020.011902

Abstract IPs in homogeneous blocks are tightly connected and close to each other in topology and geography, which can help geolocate sensitive target IPs and maintain network security. Therefore, this manuscript proposes a city-level homogeneous blocks identification algorithm for IP geolocation. Firstly, IPs with consistent geographic location information in multiple databases and some landmarks in a specific area are obtained as targets; the /31 containing each target is used as a candidate block; vantage points are deployed to probe IPs in the candidate blocks to obtain delays and paths, and alias resolution is performed. Then, based on… More >

Pingshui Wang^1,2,*, Willy Susilo²

Computer Systems Science and Engineering, Vol.36, No.1, pp. 213-224, 2021, DOI:10.32604/csse.2021.014541

Abstract With the development of information technology, the Internet of Things (IoT) has gradually become the third wave of the worldwide information industry revolution after the computer and the Internet. The application of the IoT has brought great convenience to people’s production and life. However, the potential information security problems in various IoT applications are gradually exposed and people pay more attention to them. The traditional centralized data storage and management model of the IoT is easy to cause transmission delay, single point of failure, privacy disclosure and other problems, and eventually leads to unpredictable behavior More >

Roddy A. Correa¹, Juan Ramón Bermejo Higuera², Javier Bermejo Higuera², Juan Antonio Sicilia Montalvo², Manuel Sánchez Rubio², Á. Alberto Magreñán^3,*

CMES-Computer Modeling in Engineering & Sciences, Vol.126, No.1, pp. 89-124, 2021, DOI:10.32604/cmes.2021.010700

Abstract This study presents a methodology to evaluate and prevent security vulnerabilities issues for web applications. The analysis process is based on the use of techniques and tools that allow to perform security assessments of white box and black box, to carry out the security validation of a web application in an agile and precise way. The objective of the methodology is to take advantage of the synergies of semi-automatic static and dynamic security analysis tools and manual checks. Each one of the phases contemplated in the methodology is supported by security analysis tools of different… More >

Amir Haider¹, Muhammad Adnan Khan², Abdur Rehman³, Muhib Ur Rahman⁴, Hyung Seok Kim^1,*

CMC-Computers, Materials & Continua, Vol.66, No.2, pp. 1785-1798, 2021, DOI:10.32604/cmc.2020.013910

Abstract In recent years, cybersecurity has attracted significant interest due to the rapid growth of the Internet of Things (IoT) and the widespread development of computer infrastructure and systems. It is thus becoming particularly necessary to identify cyber-attacks or irregularities in the system and develop an efficient intrusion detection framework that is integral to security. Researchers have worked on developing intrusion detection models that depend on machine learning (ML) methods to address these security problems. An intelligent intrusion detection device powered by data can exploit artificial intelligence (AI), and especially ML, techniques. Accordingly, we propose in More >

Abdulaziz Attaallah¹, Abdullah Algarni¹, Raees Ahmad Khan^2,*

CMC-Computers, Materials & Continua, Vol.66, No.2, pp. 1849-1865, 2021, DOI:10.32604/cmc.2020.013854

Abstract The advanced technological need, exacerbated by the flexible time constraints, leads to several more design level unexplored vulnerabilities. Security is an extremely vital component in software development; we must take charge of security and therefore analysis of software security risk assumes utmost significance. In order to handle the cyber-security risk of the web application and protect individuals, information and properties effectively, one must consider what needs to be secured, what are the perceived threats and the protection of assets. Security preparation plans, implements, tracks, updates and consistently develops safety risk management activities. Risk management must… More >