i-manager Publications

i-manager's Journal on Computer Science (JCOM)

Current Issue Vol. 12 Issue 2

Most Cited

Volume 6 Issue 3 September - November 2018

Research Paper

Computer-Based Local Area Authentication System

O. S. Omorogiuwa* , G. O. Aziken**

*Professor,Department of Electrical and Electronic Engineering, University OF Benin, Benin City, Edo State, Nigeria.

**Professor, Department of Information and Communication Technology, University of Benin, Benin city, Edo State, Nigeria.

Omorogiuwa,O.S., Aziken,G.O.(2018)Computer-Based Local Area Authentication System, i-manager's Journal on Computer Science, 6(3),1-6. https://doi.org/10.26634/jcom.6.3.15695

Abstract

A Computer Based Test (CBT) Local Area Network (LAN) security center was developed using XAMPP (Cross-Platform Apache MariaDB PHP and Perl) integrated net-base application and JAVA object-oriented programming language, using a backend Oracle database (JBuilder and NetBeans) where the Media Access Control (MAC) address of the users will be saved and using hard to spoof measure that is correlated to location of LAN to prevent MAC address spoof. This security system is controlled through the network via the server and controls all clients that choose to use the resources like e-exam platform, e-library, etc. It also views the activities of the users in the network (surveillance system). The security system also keeps history/records of all detection sensor/ MAC address of users, to track any activities carried with the resources. The performance under test was found to be satisfactory, as all unauthorized users are blocked and appropriate warning messages are sent to the client's system by the server when the user attempts to login. This eliminates external users from gaining access to the examination platform.

References

[1]. Al, A., & Abu, Q. (2013). IRS for Computer Character Sequences Filtration: a new software tool and algorithm to support the IRS at tokenization process. International Journal of Advanced Computer Science and Applications, 4(2), 81-85.

[2]. Alotaibi, B., & Elleithy, K. (2016). A new mac address spoofing detection technique based on random forests. Sensors, 16(3), 281.

[3]. Beaver, K. (2013). Hacking for Dummies (4^th Ed.). USA: John Wiley & Sons.

[4]. Kolias, C., Kambourakis, G., Stavrou, A., & Gritzalis, S. (2015). Intrusion detection in 802.11 networks: Empirical evaluation of threats and a public dataset. IEEE Communications Surveys & Tutorials, 18(1), 184-208.

[5]. Okon, E. O., & Samson, D. D. (2015). Software quality and usability for computer-based test in tertiary institution in nigeria: A case study of Kogi State University. American Journal of Educational Research, 3(10), 1224-1229.

[6]. Omorogiuwa, O., & Nwuko, F. N. (2017). Design and implementation of a computer based test centre using biometric for authentication. American Journal of Advanced Research, 1(1), 13-18.

[7]. Omorogiuwa, O. S., & Anyasi, F. I. (2016). An improved means to guild campus based network resources (security system), Journal of Engineering Science and Application (JESA), 9 (1), 43-49.

[8]. Parmar, K., & Jinwala, D. C. (2014, August). Aggregate MAC based authentication for secure data aggregation in wireless sensor networks. In International Conference on Intelligent Computing (pp. 475-483). Springer, Cham.

[9]. Saliu, A. M., Kolo, M. I., Muhammad, M. K., & Nafiu, L. A. (2013). Internet authentication and billing (hotspot) system using MikroTik router operating system. International Journal of Wireless Communications and Mobile Computing, 1(1), 51-57.

[10]. Samra, A. A., & Abed, R. (2010). Enhancement of passive mac spoofing detection techniques. International Journal of Advanced Computer Science and Applications, 1(5), 108-116.

[11]. Todorov, D. (2007). Mechanics of User Identification and Authentication: Fundamentals of Identity Management. USA: Auerbach Publications.

Full Article (HTML)

Pdf

Research Paper

A Soft Computing Approach to Detect E-Banking Phishing Websites using Artificial Neural Network

Shafi’i Muhammad Abdulhamid* , Mubaraq Olamide Usman, Oluwaseun A. Ojerinde, Victor Ndako Adama, John K. Alhassan

*,***Department of Cyber Security Science, Federal University of Technology, Minna, Nigeria.

,*,** Department of Computer Science, Federal University of Technology, Minna, Nigeria.

Abdulhamid, S. M., Usman, M. O., Ojerinde, O. A., Adama, V. N., Alhassan, J. K. (2018). A Soft Computing Approach to Detecting E-Banking Phishing Websites using Artificial Neural Network, i-manager's Journal on Computer Science, 6(3),7-15. https://doi.org/10.26634/jcom.6.3.15696

Abstract

Phishing is a cybercrime that is described as an art of cloning a web page of a legitimate company with the aim of obtaining confidential data of unsuspecting internet users. Recent researches indicate that a number of phishing detection algorithms have been introduced into the cyber space, however, most of them depend on an existing blacklist or whitelist classification. Therefore, when a new phishing web page is introduced, the detection algorithms find it difficult to correctly classify it as phishing. This paper puts forward a soft computing approach called Artificial Neural Network (ANN) algorithm with confusion matrix analysis for the detection of e-banking phishing websites. The proposed ANN algorithm produces a remarkable percentage of accuracy and reduced false positive rate during detection. This shows that, the ANN algorithm with confusion matrix analysis can produce competitive results that is suitable for detecting phishing in e-banking websites.

References

[1]. Abdulhamid, S. M., Latiff, M. S. A., Chiroma, H., Osho, O., Abdul-Salaam, G., Abubakar, A. I., & Herawan, T. (2017). A review on mobile SMS spam filtering techniques. IEEE Access, 5(1), 15650-66.

[2]. Aburrous, M., Hossain, M. A., Dahal, K., & Thabtah, F. (2010). Experimental case studies for investigating e-banking phishing techniques and attack strategies. Cognitive Computation, 2(3), 242-253.

[3]. Babagoli, M., Aghababa, M. P., & Solouk, V. (2018). Heuristic nonlinear regression strategy for detecting phishing websites. Soft Computing, 19(1), 1-13.

[4]. Damodaram, R., & Valarmathi, M. L. (2011). Phishing website detection and optimization using particle swarm optimization technique. International Journal of Computer Science and Security (IJCSS), 5(5), 477-490.

[5]. Goyal, B., & Bansal, M. (2017). Competent approach for type of phishing attack detection using multi-layer neural network. International Journal of Advanced Engineering Research and Science, 4(1), 210-215. https://dx.doi.org/10.22161/ijaers.4.1.34

[6]. Idris, I., & Abdulhamid, S. M. (2014). An improved AIS based e-mail classification technique for spam detection. arXiv preprint arXiv:1402.1242.

[7]. Khonji, M., Iraqi, Y., & Jones, A. (2013). Phishing detection: A literature survey. IEEE Communications Surveys & Tutorials, 15(4), 2091-2121.

[8]. Latiff, M. S. A., Madni, S. H. H., & Abdullahi, M. (2018). Fault tolerance aware scheduling technique for cloud computing environment using dynamic clustering algorithm. Neural Computing and Applications, 29(1), 279-293.

[9]. Madni, S. H. H., Latiff, M. S. A., Abdullahi, M., Abdulhamid, S. M., & Usman, M. J. (2017). Performance comparison of heuristic algorithms for task scheduling in IaaS cloud computing environment. PLOS One, 12(5), e0176321.

[10]. Madni, S. H. H., Latiff, M. S. A., Coulibaly, Y., & Abdulhamid, S. (2017). Recent advancements in resource allocation techniques for cloud computing environment: A systematic review. Cluster Computing, 20(3), 2489-2533.

[11]. Millersmiles Archives. (2018). Retrieved from http://www.millersmiles.co.uk/

[12]. Mohammad, R. M., Thabtah, F., & McCluskey, L. (2014). Predicting phishing websites based on selfstructuring neural network. Neural Computing and Applications, 25(2), 443-458.

[13]. Mohammad, R., McCluskey, T. L., & Thabtah, F. A. (2013, July). Predicting phishing websites using neural network trained with back-propagation. In Proceedings of the 2013 World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp).

[14]. Phishtank. (2018). Retrieved from http://www. phishtank.com/

[15]. Priya, R. (2016). An ideal approach for detection of phishing attacks using naïve bayes classifier. International Journal of Computer Trends and Technology (IJCTT), 40(2), 84-87.

[16]. Starting Point Directory. (2018). Starting Point Web Directory. Retrieved from http://www.stpt.com/directory/

[17]. Wei, W., Li, J., Cao, L., Ou, Y., & Chen, J. (2013). Effective detection of sophisticated online banking fraud on extremely imbalanced data. World Wide Web, 16(4), 449-475.

[18]. Yahoo Directory (2017). website: http://dir.yahoo. com/, Access date: 15/10/2017.

Full Article (HTML)

Pdf

Research Paper

Password Knowledge Versus Password Management

Victor N. Adama* , Noel Moses Dogonyaro, Victor L. Yisa, Baba Meshach, Ekundayo Ayobami

*,*** Lecturer, Department of Computer Science, Federal University of Technology, Minna, Nigeria.

-*,** Lecturer, Department of Cyber Security Science, Federal University of Technology, Minna, Nigeria.

Adama, V. N., Dogonyaro, N. M., Yisa, V. L., Meshach, B., Ayobami, E. (2018). Password Knowledge Versus Password Management Practice a Case Study Federal University of Technology, Minna, i-manager's Journal on Computer Science, 6(3),16-24. https://doi.org/10.26634/jcom.6.3.15697

Abstract

User authentication is one of the most important security characteristics of any system given today's globalized digital life style. The safety and security of sensitive data, privacy and also critical infrastructure relies primarily on authentication. Amongst all authentication schemes, text-based passwords are the most deployed across various platforms, thus the importance of evaluating user password management practice cannot be overemphasized. This research, via, a case study aimed at establishing the theoretical password knowledge in comparison to actual password management practice of staff and students from Information Technology (IT) inclined departments of the Federal University of Technology, Minna. Results from the survey reveal that the target respondents are knowledgeable on good password management policies. However, actual password practice results by the respondents showed that they do not comply and effectively implement the theoretical password knowledge they possess. Thus it can be concluded that there is a significant difference between what respondents know compared to their actual practice. Numerous implications abound when this is the case as it makes users more vulnerable to security risks of unauthorized access by unauthorized users.

References

[1]. Blanchard, J. (2014). Weak passwords put millions at risk of bank accounts and other information being hacked online. Mirror. Retrieved from http://www.mirror.co. uk/news/technologyscience/technology/weak-passwords- put-millionsrisk-4439460

[2]. Chiasson, S., Forget, A., Stobert, E., van Oorschot, P. C., & Biddle, R. (2009, November). Multiple password interference in text passwords and click-based graphical passwords. In Proceedings of the 16^th ACM Conference on Computer and Communications Security (pp. 500- 511). ACM.

[3]. De Angeli, A., Coventry, L., Johnson, G., & Renaud, K. (2005). Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems. International Journal of Human-Computer Studies, 63(1-2), 128-152.

[4]. Florêncio, D., Herley, C., & Van Oorschot, P. C (2014). An administrator's guide to internet password research. In Proceedings of the 28^th USENIX Large Installation System Administration Conference (pp. 35-52).

[5]. Fredericks, D. T., Futcher, L. A., & Thomson, K. L. (2016). Comparing Student Password Knowledge and behavior: A case Study. In Proceedings of the Tenth International Symposium on Human Aspects of Information and Assurance (HAISA 2016) (pp. 167-178).

[6]. Helkala, K., & Bakås, T. H. (2014). Extended results of Norwegian password security survey. Information Management & Computer Security, 22(4), 346-357.

[7]. Kelley, P. G., Komanduri, S., Mazurek, M. L., Shay, R., Vidas, T., Bauer, L., ... & Cranor, L. F. (2013, April). The impact of length and mathematical operators on the usability and security of system-assigned one-time PINs. In International Conference on Financial Cryptography and Data Security (pp. 34-51). Springer, Berlin, Heidelberg.

[8]. McDowell, M., Rafail, J., & Hernan, J. (2009). Choosing and protecting passwords. US-CERT Cyber Security Tip ST04-002. Retrieved from https://www.us-cert. gov/ncas/tips/ST04-002

[9]. Microsoft (2013). Maximum password age. Retrieved from https://technet.microsoft.com/enus/library/ hh994573(v=ws.10).aspx

[10]. Notoatmodjo, G. (2007). Exploring the 'weakest link': A study of personal password security (Doctoral Dissertation, University of Auckland).

[11]. Renaud, K., Mayer, P., Volkamer, M., & Maguire, J. (2013, September). Are graphical authentication mechanisms as strong as passwords? In Computer Science and Information Systems (FedCSIS), 2013 Federated Conference on (pp. 837-844). IEEE.

[12]. Ritó, E. (2018). Smart Cities for a better world. Central European Publications, 2(41), 42-53.

[13]. Stobert, E., & Biddle, R. (2014). The password life cycle: User behaviour in managing passwords. In Symposium on Usable Privacy and Security (SOUPS), Proceedings of the Tenth International Symposium on Human Aspects of Information Security & Assurance (pp. 243-255).

[14]. Slain, M (2016). Announcing Our Worst Passwords of 2015. In TeamsID. Retrieved from http://www.teamsid. com/worst-passwords-2015

[15]. University of Illinois (2014). Why you should use different passwords. University of Illinois. Retrieved from https://security.illinois.edu/content/why-you-should-use-different- passwords

Full Article (HTML)

Pdf

Research Paper

An Adaptive Personnel Selection Expert System to Support Organization's Personnel Recruitment Decision Process

Muhammad Ahmad Shehu* , Abdu Haruna , Michael D. Richardson*, Umar Hussein****

- Assistant Lecturer, Department of Computer Science, Federal University, Lokoja, Nigeria.

Graduate, Department of Computer Science, Federal University, Lokoja, Nigeria.

**** Graduate, Department of Computer Science, Salem University Lokoja. Nigeria.

Shehu, M. A., Jatto, A. A., Abdu. H., Hussein, U.(2018)An Adaptive Personnel Selection Expert System to Support Organization’s Personnel Recruitment Decision Process, i-manager's Journal on Computer Science 6(3),25-33. https://doi.org/10.26634/jcom.6.3.15700

Abstract

Personnel recruitment operation which involves selecting the right person for the right job is an essential human resource operation of an organization due to the fact that organizations’ performance depends on its personnel performance. However, personnel selection for recruitment operation of human resource management has various operational behaviors, and when carrying out the operation the operational behaviors should be considered. Due to this consideration, carrying out personnel selection for recruitment operation is complex. To minimize the complexity, various research works developed personnel selection expert systems to carry out personnel selection for recruitment operation considering some of its operational behaviors. However, the behavioral change of personnel selection operation was not considered during the development of their respective proposed expert systems. This study identified an adaptive personnel selection model developed in a research work and the behavioral change feature of personnel selection for recruitment operation was considered. The adaptive personnel selection model was developed using a C4.5 decision tree and frequent and non-frequent patter analysis of data mining. However, the adaptive feature of the adaptive personnel selection model was improved and then implemented as this study proposed adaptive personnel selection expert system.

References

[1]. Akhlaghi, E. (2011). A rough-set based approach to design an expert system for personnel selection. World Academy of Science, Engineering and Technology, 54, 202-205.

[2]. Baird, L., & Meshoulam, I. (1988). Managing two fits of strategic human resource management. Academy of Management Review, 13(1), 116-128.

[3]. Becker, B., & Gerhart, B. (1996). The impact of human resource management on organizational performance: Progress and prospects. Academy of Management Journal, 39(4), 779-801.

[4]. Borman, W. C., Hanson, M. A., & Hedge, J. W. (1997). Personnel Selection. Annual Review of Psychology, 48, 299-337.

[5]. Byun, D. H., & Suh, E. H. (1994). Human resource management expert systems technology. Expert Systems, 11(2), 109-119.

[6]. Byun, D. H., & Suh, E. H. (1996). Assessing key knowledge representation techniques for use in HRM problem domains. Expert Systems with Applications, 11(3), 287-299.

[7]. Daramola, O., Oladipupo, O. O., & Musa, G. A. (2010). A fuzzy expert system (FES) tool for online personnel recruitments. Int. J. Business Information Systems, 6(4), 444-462.

[8]. Flippo, E. B. (1984). Personnel Management. US: McGraw-Hill Inc.

[9]. Güngör, Z., Serhadlıoğlu, G., & Kesen, S. E. (2009). A fuzzy AHP approach to personnel selection problem. Applied Soft Computing, 9(2), 641-646.

[10]. Hough, L. M., & Oswald, F. L. (2000). Personnel selection: Looking toward the future-Remembering the past. Annual Review of Psychology, 51(1), 631-664.

[11]. Lewis, C. (1987). Employee Selection. UK: Nelson Thrones.

[12]. Mehrabad, M. S., & Brojeny, M. F. (2007). The development of an expert system for effective selection and appointment of the jobs applicants in human resource management. Computers & Industrial Engineering, 53(2), 306-312.

[13]. Robertson, I. T., & Smith, M. (2001). Personnel selection. Journal of Occupational and Organizational Psychology, 74(4), 441-472.

[14]. Scarpello, V. G., & Ledvinca, J. (1988). Personnel Human Resources Management. US: South Western Publishing Company.

[15]. Shehu, M. A., & Saeed, F. (2016). An adaptive personnel selection model for recruitment using domaindriven data mining. Journal of Theoretical & Applied Information Technology, 91(1), 117-130.

[16]. Sivaram, N., & Ramar, K. (2010). Applicability of clustering and classification algorithms for recruitment data mining. International Journal of Computer Applications, 4(5), 23-28.

[17]. Sivaram, N., & Ramar, K. (2011). Knowledge Engineering to aid the recruitment process of an Industry by identifying superior selection criteria. ICTACT Journal on Soft Computing.

Full Article (HTML)

Pdf

Research Paper

Evaluation of Classification Algorithms for Phishing URL Detection

Ayanfeoluwa Oluwasola Oluyomi* , Oluwafemi Osho, Maryam Shuaib*

* President, Information System Audit & Control Association (ISACA), Federal University of Technology, Minna, Nigeria.

Lecturer, Department of Cyber Security Science, Federal University of Technology Minna, Nigeria.

* Former Special Assistant, ICT Development to the Governer of Nigeria State, Nigeria.

Oluyomi, A., Osho, O., Shuaib, M.(2018) Evaluation of Classification Algorithms for Phishing URL Detection, i-manager's Journal on Computer Science 6(3),34-41. https://doi.org/10.26634/jcom.6.3.15698

Abstract

A phishing URL is a web address created with the intent of deceiving users into releasing their personal and private data or downloading malware into the users' systems without their knowledge. Increase in the adoption of the Internet has led to corresponding increase in the number of phishing sites globally. Many classification techniques have been developed for detecting phishing URLs. This paper seeks to evaluate the performances of existing techniques. With dataset obtained from UCI Machine Learning Repository, the algorithms were assessed in terms of Accuracy, Precision, Recall, F-Measure, Receiver Operating Characteristic (ROC) area and Root Mean Squared Error (RMSE). From analysis and comparison with results from related literature, the Random Forest was found to perform best.

References

[1]. Abdulhamid, S. M., Shuaib, M., Osho, O., Ismaila, I., & Alhassan, J. K. (2018). Comparative Analysis of Classification Algorithms for Email Spam Detection. International Journal of Computer Network and Information Security, 10(1), 60-67.

[2]. Abu-Nimeh, S., Nappa, D., Wang, X., & Nair, S. (2007, October). A comparison of machine learning techniques for phishing detection. In Proceedings of the Anti-phishing Working Groups 2^nd Annual eCrime Researchers Summit (pp. 60-69). ACM.

[3]. Aburrous, M., Hossain, M. A., Dahal, K., & Thabtah, F. (2010a). Intelligent phishing detection system for ebanking using fuzzy data mining. Expert Systems with Applications, 37(12), 7913-7921.

[4]. Aburrous, M., Hossain, M. A., Dahal, K., & Thabtah, F. (2010b, April). Predicting phishing websites using classification mining techniques with experimental case studies. In Information Technology: New Generations (ITNG), 2010 Seventh International Conference on (pp. 176-181). IEEE.

[5]. Aydin, M., & Baykal, N. (2015, September). Feature extraction and classification phishing websites based on URL. In Communications and Network Security (CNS), 2015 IEEE Conference on (pp. 769-770). IEEE.

[6]. Basnet, R. B., Sung, A. H., & Liu, Q. (2012, June). Feature selection for improved phishing detection. In International Conference on Industrial, Engineering and other Applications of Applied Intelligent Systems (pp. 252- 261). Springer, Berlin, Heidelberg.

[7]. Basnet, R. B., Sung, A. H., & Liu, Q. (2014). Learning to detect phishing URLs. International Journal of Research in Engineering and Technology, 3(6), 11-24.

[8]. Dua, D., & Taniskidou, E. K. (2017). Phishing Websites Dataset [Dataset]. UCI Machine Learning Repository. Retrieved from https://archive.ics.uci.edu/ml/datasets/ phishing+websites. [Accessed: 03-May-2018].

[9]. Feroz, M. N., & Mengel, S. (2014, October). Examination of data, rule generation and detection of phishing URLs using online logistic regression. In Big Data (Big Data), 2014 IEEE International (pp. 241-250).

[10]. Feroz, M. N., & Mengel, S. (2015, June). Phishing URL detection using URL ranking. In Big Data (BigData Congress), 2015 IEEE International Congress on (pp. 635- 638). IEEE.

[11]. Fu, A. Y., Wenyin, L., & Deng, X. (2006). Detecting phishing web pages with visual similarity assessment based on earth mover's distance (EMD). IEEE Transactions on Dependable and Secure Computing, 3(4), 301-311.

[12]. Garera, S., Provos, N., Chew, M., & Rubin, A. D. (2007, November). A framework for detection and measurement of phishing attacks. In Proceedings of the 2007 ACM Workshop on Recurring Malcode (pp. 1-8). ACM.

[13]. Gupta, D. R. (2016). Comparison of classification algorithm to detect phishing web pages using feature selection and extraction. International Journal of Research–Granthaalayah, 4(8), 118-135.

[14]. Huang, H., Qian, L., & Wang, Y. (2012). A SVM-based technique to detect phishing URLs. Information Technology Journal, 11(7), 921-925.

[15]. James, J., Sandhya, L., & Thomas, C. (2013, December). Detection of phishing URLs using machine learning techniques. In Control Communication and Computing (ICCC), 2013 International Conference on (pp. 304-309). IEEE.

[16]. Jin-Lee, L., Dong-Hyun, K., & Chang-Hoon, L. (2015). Heuristic-based Approach for Phishing Site Detection Using URL Features. In Third International Conference Journal on Advances in Computing, Electronics and Electrical Technology (pp. 131-135).

[17]. Khonji, M., Iraqi, Y., & Jones, A. (2011, September). Lexical url analysis for discriminating phishing and legitimate websites. In Proceedings of the 8^th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference (pp. 109-115). ACM.

[18]. Khonji, M., Iraqi, Y., & Jones, A. (2013). Phishing detection: A literature survey. IEEE Communications Surveys & Tutorials, 15(4), 2091-2121.

[19]. Ma, J., Saul, L. K., Savage, S., & Voelker, G. M. (2009, June). Beyond blacklists: Learning to detect malicious web sites from suspicious URLs. In Proceedings of the 15^th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (pp. 1245-1254). ACM.

[20]. Ma, J., Saul, L. K., Savage, S., & Voelker, G. M. (2011). Learning to detect malicious urls. ACM Transactions on Intelligent Systems and Technology (TIST), 2(3), 1-24.

[21]. Marchal, S., Saari, K., Singh, N., & Asokan, N. (2016, June). Know your phish: Novel techniques for detecting phishing sites and their targets. In 2016 IEEE 36^th International Conference on Distributed Computing Systems (ICDCS) (pp. 323-333). IEEE.

[22]. Miyamoto, D., Hazeyama, H., & Kadobayashi, Y. (2008). An evaluation of machine learning-based methods for detection of phishing sites. In Advances in Neuro-Information Processing (pp. 539-546). Springer, Berlin, Heidelberg.

[23]. Moghimi, M., & Varjani, A. Y. (2016). New rule-based phishing detection method. Expert Systems with Applications, 53, 231-242.

[24]. Mohammad, R. M., Thabtah, F., & McCluskey, L. (2014a). Intelligent rule-based phishing websites classification. IET Information Security, 8(3), 153-160.

[25]. Mohammad, R. M., Thabtah, F., & McCluskey, L. (2014b). Predicting phishing websites based on self-structuring neural network. Neural Computing and Applications, 25(2), 443-458.

[26]. Pradeepthi, K. V., & Kannan, A. (2014, December). Performance study of classification techniques for phishing URL detection. In Advanced Computing (ICoAC), 2014 Sixth International Conference on (pp. 135-139). IEEE.

[27]. Ramanathan, V., & Wechsler, H. (2012, June). Phishing Website detection using latent Dirichlet allocation and AdaBoost. In Intelligence and Security Informatics (ISI), 2012 IEEE International Conference on (pp. 102-107). IEEE.

[28]. Sahoo, D., Liu, C., & Hoi, S. C. (2017). Malicious URL detection using machine learning: A survey (pp. 1-21) Retrieved from http://arxiv.org/abs/1701.07179

[29]. Weka 3. (2018). Data Mining with Open Source Machine Learning Software in Java. Retrieved from http://www.cs.waikato.ac.nz/ml/weka/ [Accessed: 29- Jun-2018].

Full Article (HTML)

Pdf

Research Paper

Development of a Predictive Model for the Detection of CAPTCHA Smuggling Attacks Using Supervised Deep Learning based Approach

Moses O. Omoyele* , Joseph A. Ojeniyi, Olawale S. Adebayo*

* Research Scholar, Department of Cyber Security Science, Federal University of Technology, Minna, Nigeria.

-* Lecturer, Department of Cyber Security Science, Federal University of Technology, Minna, Nigeria.

Omoyele, M., Ojeniyi, J. A., Adebayo, O. S.(2018) Development of a Predictive Model for the Detection of CAPTCHA Smuggling Attacks Using Supervised Deep Learning based Approach, ,i-manager's Journal on Computer Science 6(3),42-49. https://doi.org/10.26634/jcom.6.3.15699

Abstract

CAPTCHA is a piece of program designed to distinguish human beings from bots. These are computer generated tests which can be solved by humans but will be difficult to be solved by computers. Bots smuggled CAPTCHAs are gradually on the increase in order to deceive unsuspecting users and inadvertently infect systems. From the available literature reviewed so far, there is no model to detect or predict CAPTCHA smuggling attack. The aim of this work is to come up with a model capable of predicting this attack. The approach used was based on deep supervised neural network approach. In order to achieve the aim, framework based on hyperparameter specification was developed. The model was evaluated on the available CAPTCHA smuggling dataset. The accuracy of prediction achieved in this work is 77.89% at consistency of 0.1543. The sensitivity and specificity of the model are 78.11% and 78.2%, respectively.

References

[1]. Alsuhibany, S. A. (2016). A benchmark for designing usable and secure text-based captchas. International Journal of Network Security & Its Applications, 8(4), 41-54.

[2]. Bilge, L., Strufe, T., Balzarotti, D., & Kirda, E. (2009, April). All your contacts are belong to us: automated identity theft attacks on social networks. In Proceedings of the 18^th International Conference on World Wide Web (pp. 551-560). ACM.

[3]. Chen, J., Luo, X., Guo, Y., Zhang, Y., & Gong, D. (2017). A Survey on Breaking Technique of Text-Based CAPTCHA. Security and Communication Networks, 2017, 1-15.

[4]. Chew, M., & Tygar, J. D. (2004, September). Image recognition CAPTCHAs. In International Conference on Information Security (pp. 268-279). Springer, Berlin, Heidelberg.

[5]. Chilluru, M., Naick, B. R., & Nirupama, P. (2015). Captcha based Password Authentication-A New Security Scheme. International Journal of Computer Science and Information Technologies, 6(4), 3514-3522.

[6]. Chow, R., Golle, P., Jakobsson, M., Wang, L., & Wang, X. (2008, February). Making captchas clickable. In Proceedings of the 9^th Workshop on Mobile Computing Systems and Applications (pp. 91-94). ACM.

[7]. Egele, M., Bilge, L., Kirda, E., & Kruegel, C. (2010, March). Captcha smuggling: hijacking web browsing sessions to create captcha farms. In Proceedings of the 2010 ACM Symposium on Applied Computing (pp. 1865- 1870). ACM.

[8]. Gupta, S., & Garg, R. (2015). Taxonomy of tools and techniques for network monitoring and quality assurance in 3G networks. International Journal of Computer Applications, 120 (21), 34-41.

[9]. Hernández-Castro, C. J., R-Moreno, M. D., Barrero, D. F., & Gibson, S. (2017). Using machine learning to identify common flaws in CAPTCHA design: FunCAPTCHA case analysis. Computers & Security, 70, 744-756.

[10]. Nguyen, V. D., Chow, Y. W., & Susilo, W. (2014, May). A CAPTCHA scheme based on the identification of character locations. In International Conference on Information Security Practice and Experience (pp. 60- 74). Springer, Cham.

[11]. Sharma, S., & Seth, N. (2015). Survey of Text CAPTCHA Techniques and Attacks. International Journal of Engineering Trends and Technology (IJETT), 22(6), 240- 245.

[12]. Sivakorn, S., Polakis, I., & Keromytis, A. D. (2016a). I am robot: (deep) learning to break semantic image captchas. In Security and Privacy (EuroS&P), 2016 IEEE European Symposium on (pp. 388-403). IEEE.

[13]. Sivakorn, S., Polakis, J., & Keromytis, A. D. (2016b). I'm not a human: Breaking the Google reCAPTCHA. Black Hat. Retrieved from https://www.blackhat.com/docs/ asia-16/materials/asia-16-Sivakorn-Im-Not-a-Human- Breaking-the-Google-reCAPTCHA-wp.pdf

[14]. Uzun, E., Chung, S. P. H., Essa, I., & Lee, W. (2018). rtCaptcha: A real-time CAPTCHA based liveness detection system. In Proceedings NDSS 2018: Network and Distributed System Security Symposium (pp. 1-15).

[15]. Von Ahn, L., Blum, M., & Langford, J. (2004). Telling humans and computers apart automatically. Communications of the ACM, 47(2), 56-60.

[16]. Von Ahn, L., Blum, M., Hopper, N. J., & Langford, J. (2003, May). CAPTCHA: Using hard AI problems for security. In International Conference on the Theory and Applications of Cryptographic Techniques (pp. 294-311). Springer, Berlin, Heidelberg.

i-manager's Journal on Computer Science (JCOM)

Current Issue Vol. 12 Issue 2

Most Read

Most Cited

Volume 6 Issue 3 September - November 2018

Computer-Based Local Area Authentication System

O. S. Omorogiuwa* , G. O. Aziken**

*Professor,Department of Electrical and Electronic Engineering, University OF Benin, Benin City, Edo State, Nigeria. **Professor, Department of Information and Communication Technology, University of Benin, Benin city, Edo State, Nigeria.

Omorogiuwa,O.S., Aziken,G.O.(2018)Computer-Based Local Area Authentication System, i-manager's Journal on Computer Science, 6(3),1-6. https://doi.org/10.26634/jcom.6.3.15695

Abstract

References

Full Article (HTML)

Pdf

A Soft Computing Approach to Detect E-Banking Phishing Websites using Artificial Neural Network

Shafi’i Muhammad Abdulhamid* , Mubaraq Olamide Usman**, Oluwaseun A. Ojerinde***, Victor Ndako Adama****, John K. Alhassan*****

*,*****Department of Cyber Security Science, Federal University of Technology, Minna, Nigeria. **,***,**** Department of Computer Science, Federal University of Technology, Minna, Nigeria.

Abdulhamid, S. M., Usman, M. O., Ojerinde, O. A., Adama, V. N., Alhassan, J. K. (2018). A Soft Computing Approach to Detecting E-Banking Phishing Websites using Artificial Neural Network, i-manager's Journal on Computer Science, 6(3),7-15. https://doi.org/10.26634/jcom.6.3.15696

Abstract

References

Full Article (HTML)

Pdf

Password Knowledge Versus Password Management

Victor N. Adama* , Noel Moses Dogonyaro**, Victor L. Yisa***, Baba Meshach****, Ekundayo Ayobami*****

*,***** Lecturer, Department of Computer Science, Federal University of Technology, Minna, Nigeria. **-***,**** Lecturer, Department of Cyber Security Science, Federal University of Technology, Minna, Nigeria.

Adama, V. N., Dogonyaro, N. M., Yisa, V. L., Meshach, B., Ayobami, E. (2018). Password Knowledge Versus Password Management Practice a Case Study Federal University of Technology, Minna, i-manager's Journal on Computer Science, 6(3),16-24. https://doi.org/10.26634/jcom.6.3.15697

Abstract

References

Full Article (HTML)

Pdf

An Adaptive Personnel Selection Expert System to Support Organization's Personnel Recruitment Decision Process

Muhammad Ahmad Shehu* , Abdu Haruna **, Michael D. Richardson***, Umar Hussein****

*-** Assistant Lecturer, Department of Computer Science, Federal University, Lokoja, Nigeria. *** Graduate, Department of Computer Science, Federal University, Lokoja, Nigeria. **** Graduate, Department of Computer Science, Salem University Lokoja. Nigeria.

Shehu, M. A., Jatto, A. A., Abdu. H., Hussein, U.(2018)An Adaptive Personnel Selection Expert System to Support Organization’s Personnel Recruitment Decision Process, i-manager's Journal on Computer Science 6(3),25-33. https://doi.org/10.26634/jcom.6.3.15700

Abstract

References

Full Article (HTML)

Pdf

Evaluation of Classification Algorithms for Phishing URL Detection

Ayanfeoluwa Oluwasola Oluyomi* , Oluwafemi Osho**, Maryam Shuaib***

Oluyomi, A., Osho, O., Shuaib, M.(2018) Evaluation of Classification Algorithms for Phishing URL Detection, i-manager's Journal on Computer Science 6(3),34-41. https://doi.org/10.26634/jcom.6.3.15698

Abstract

References

Full Article (HTML)

Pdf

Development of a Predictive Model for the Detection of CAPTCHA Smuggling Attacks Using Supervised Deep Learning based Approach

Moses O. Omoyele* , Joseph A. Ojeniyi**, Olawale S. Adebayo***

* Research Scholar, Department of Cyber Security Science, Federal University of Technology, Minna, Nigeria. **-*** Lecturer, Department of Cyber Security Science, Federal University of Technology, Minna, Nigeria.

Omoyele, M., Ojeniyi, J. A., Adebayo, O. S.(2018) Development of a Predictive Model for the Detection of CAPTCHA Smuggling Attacks Using Supervised Deep Learning based Approach, ,i-manager's Journal on Computer Science 6(3),42-49. https://doi.org/10.26634/jcom.6.3.15699

Abstract

References

Full Article (HTML)

Pdf

*Professor,Department of Electrical and Electronic Engineering, University OF Benin, Benin City, Edo State, Nigeria.

**Professor, Department of Information and Communication Technology, University of Benin, Benin city, Edo State, Nigeria.

Shafi’i Muhammad Abdulhamid* , Mubaraq Olamide Usman, Oluwaseun A. Ojerinde, Victor Ndako Adama, John K. Alhassan

*,***Department of Cyber Security Science, Federal University of Technology, Minna, Nigeria.

,*,** Department of Computer Science, Federal University of Technology, Minna, Nigeria.

Victor N. Adama* , Noel Moses Dogonyaro, Victor L. Yisa, Baba Meshach, Ekundayo Ayobami

*,*** Lecturer, Department of Computer Science, Federal University of Technology, Minna, Nigeria.

-*,** Lecturer, Department of Cyber Security Science, Federal University of Technology, Minna, Nigeria.

Muhammad Ahmad Shehu* , Abdu Haruna , Michael D. Richardson*, Umar Hussein****

- Assistant Lecturer, Department of Computer Science, Federal University, Lokoja, Nigeria.

Graduate, Department of Computer Science, Federal University, Lokoja, Nigeria.

**** Graduate, Department of Computer Science, Salem University Lokoja. Nigeria.

Ayanfeoluwa Oluwasola Oluyomi* , Oluwafemi Osho, Maryam Shuaib*

Moses O. Omoyele* , Joseph A. Ojeniyi, Olawale S. Adebayo*

* Research Scholar, Department of Cyber Security Science, Federal University of Technology, Minna, Nigeria.

-* Lecturer, Department of Cyber Security Science, Federal University of Technology, Minna, Nigeria.