-
Digital Video Manipulation Detection Technique Based on Compression Algorithms
Authors:
Edgar Gonzalez Fernandez,
Ana Lucila Sandoval Orozco,
Luis Javier Garcia Villalba
Abstract:
Digital images and videos play a very important role in everyday life. Nowadays, people have access the affordable mobile devices equipped with advanced integrated cameras and powerful image processing applications. Technological development facilitates not only the generation of multimedia content, but also the intentional modification of it, either with recreational or malicious purposes. This i…
▽ More
Digital images and videos play a very important role in everyday life. Nowadays, people have access the affordable mobile devices equipped with advanced integrated cameras and powerful image processing applications. Technological development facilitates not only the generation of multimedia content, but also the intentional modification of it, either with recreational or malicious purposes. This is where forensic techniques to detect manipulation of images and videos become essential. This paper proposes a forensic technique by analysing compression algorithms used by the H.264 coding. The presence of recompression uses information of macroblocks, a characteristic of the H.264-MPEG4 standard, and motion vectors. A Vector Support Machine is used to create the model that allows to accurately detect if a video has been recompressed.
△ Less
Submitted 3 February, 2024;
originally announced March 2024.
-
Adaptive Artificial Immune Networks for Mitigating DoS flooding Attacks
Authors:
Jorge Maestre Vidal,
Ana Lucila Sandoval Orozco,
Luis Javier García Villalba
Abstract:
Denial of service attacks pose a threat in constant growth. This is mainly due to their tendency to gain in sophistication, ease of implementation, obfuscation and the recent improvements in occultation of fingerprints. On the other hand, progress towards self-organizing networks, and the different techniques involved in their development, such as software-defined networking, network-function virt…
▽ More
Denial of service attacks pose a threat in constant growth. This is mainly due to their tendency to gain in sophistication, ease of implementation, obfuscation and the recent improvements in occultation of fingerprints. On the other hand, progress towards self-organizing networks, and the different techniques involved in their development, such as software-defined networking, network-function virtualization, artificial intelligence or cloud computing, facilitates the design of new defensive strategies, more complete, consistent and able to adapt the defensive deployment to the current status of the network. In order to contribute to their development, in this paper, the use of artificial immune systems to mitigate denial of service attacks is proposed. The approach is based on building networks of distributed sensors suited to the requirements of the monitored environment. These components are capable of identifying threats and reacting according to the behavior of the biological defense mechanisms in human beings. It is accomplished by emulating the different immune reactions, the establishment of quarantine areas and the construction of immune memory. For their assessment, experiments with public domain datasets (KDD'99, CAIDA'07 and CAIDA'08) and simulations on various network configurations based on traffic samples gathered by the University Complutense of Madrid and flooding attacks generated by the tool DDoSIM were performed.
△ Less
Submitted 12 February, 2024;
originally announced February 2024.
-
Compression effects and scene details on the source camera identification of digital videos
Authors:
Raquel Ramos López,
Ana Lucila Sandoval Orozco,
Luis Javier García Villalba
Abstract:
The continuous growth of technologies like 4G or 5G has led to a massive use of mobile devices such as smartphones and tablets. This phenomenon, combined with the fact that people use mobile phones for a longer period of time, results in mobile phones becoming the main source of creation of visual information. However, its reliability as a true representation of reality cannot be taken for granted…
▽ More
The continuous growth of technologies like 4G or 5G has led to a massive use of mobile devices such as smartphones and tablets. This phenomenon, combined with the fact that people use mobile phones for a longer period of time, results in mobile phones becoming the main source of creation of visual information. However, its reliability as a true representation of reality cannot be taken for granted due to the constant increase in editing software. This makes it easier to alter original content without leaving a noticeable trace in the modification. Therefore, it is essential to introduce forensic analysis mechanisms to guarantee the authenticity or integrity of a certain digital video, particularly if it may be considered as evidence in legal proceedings. This paper explains the branch of multimedia forensic analysis that allows to determine the identification of the source of acquisition of a certain video by exploiting the unique traces left by the camera sensor of the mobile device in visual content. To do this, a technique that performs the identification of the source of acquisition of digital videos from mobile devices is presented. It involves 3 stages: (1) Extraction of the sensor fingerprint by applying the block-based technique. (2) Filtering the strong component of the PRNU signal to improve the quality of the sensor fingerprint. (3) Classification of digital videos in an open scenario, that is, where the forensic analyst does not need to have access to the device that recorded the video to find out the origin of the video. The main contribution of the proposed technique eliminates the details of the scene to improve the PRNU fingerprint. It should be noted that these techniques are applied to digital images and not to digital videos.
△ Less
Submitted 7 February, 2024;
originally announced February 2024.
-
Authentication and integrity of smartphone videos through multimedia container structure analysis
Authors:
Carlos Quinto Huamán,
Ana Lucila Sandoval Orozco,
Luis Javier García Villalba
Abstract:
Nowadays, mobile devices have become the natural substitute for the digital camera, as they capture everyday situations easily and quickly, encouraging users to express themselves through images and videos. These videos can be shared across different platforms exposing them to any kind of intentional manipulation by criminals who are aware of the weaknesses of forensic techniques to accuse an inno…
▽ More
Nowadays, mobile devices have become the natural substitute for the digital camera, as they capture everyday situations easily and quickly, encouraging users to express themselves through images and videos. These videos can be shared across different platforms exposing them to any kind of intentional manipulation by criminals who are aware of the weaknesses of forensic techniques to accuse an innocent person or exonerate a guilty person in a judicial process. Commonly, manufacturers do not comply 100% with the specifications of the standards for the creation of videos. Also, videos shared on social networks, and instant messaging applications go through filtering and compression processes to reduce their size, facilitate their transfer, and optimize storage on their platforms. The omission of specifications and results of transformations carried out by the platforms embed a features pattern in the multimedia container of the videos. These patterns make it possible to distinguish the brand of the device that generated the video, social network, and instant messaging application that was used for the transfer. Research in recent years has focused on the analysis of AVI containers and tiny video datasets. This work presents a novel technique to detect possible attacks against MP4, MOV, and 3GP format videos that affect their integrity and authenticity. The method is based on the analysis of the structure of video containers generated by mobile devices and their behavior when shared through social networks, instant messaging applications, or manipulated by editing programs. The objectives of the proposal are to verify the integrity of videos, identify the source of acquisition and distinguish between original and manipulated videos.
△ Less
Submitted 5 February, 2024;
originally announced February 2024.
-
A novel pattern recognition system for detecting Android malware by analyzing suspicious boot sequences
Authors:
Jorge Maestre Vidal,
Marco Antonio Sotelo Monge,
Luis Javier García Villalba
Abstract:
This paper introduces a malware detection system for smartphones based on studying the dynamic behavior of suspicious applications. The main goal is to prevent the installation of the malicious software on the victim systems. The approach focuses on identifying malware addressed against the Android platform. For that purpose, only the system calls performed during the boot process of the recently…
▽ More
This paper introduces a malware detection system for smartphones based on studying the dynamic behavior of suspicious applications. The main goal is to prevent the installation of the malicious software on the victim systems. The approach focuses on identifying malware addressed against the Android platform. For that purpose, only the system calls performed during the boot process of the recently installed applications are studied. Thereby the amount of information to be considered is reduced, since only activities related with their initialization are taken into account. The proposal defines a pattern recognition system with three processing layers: monitoring, analysis and decision-making. First, in order to extract the sequences of system calls, the potentially compromised applications are executed on a safe and isolated environment. Then the analysis step generates the metrics required for decision-making. This level combines sequence alignment algorithms with bagging, which allow scoring the similarity between the extracted sequences considering their regions of greatest resemblance. At the decision-making stage, the Wilcoxon signed-rank test is implemented, which determines if the new software is labeled as legitimate or malicious. The proposal has been tested in different experiments that include an in-depth study of a particular use case, and the evaluation of its effectiveness when analyzing samples of well-known public datasets. Promising experimental results have been shown, hence demonstrating that the approach is a good complement to the strategies of the bibliography.
△ Less
Submitted 5 February, 2024;
originally announced February 2024.
-
A security framework for Ethereum smart contracts
Authors:
Antonio López Vivar,
Ana Lucila Sandoval Orozco,
Luis Javier García Villalba
Abstract:
The use of blockchain and smart contracts have not stopped growing in recent years. Like all software that begins to expand its use, it is also beginning to be targeted by hackers who will try to exploit vulnerabilities in both the underlying technology and the smart contract code itself. While many tools already exist for analyzing vulnerabilities in smart contracts, the heterogeneity and variety…
▽ More
The use of blockchain and smart contracts have not stopped growing in recent years. Like all software that begins to expand its use, it is also beginning to be targeted by hackers who will try to exploit vulnerabilities in both the underlying technology and the smart contract code itself. While many tools already exist for analyzing vulnerabilities in smart contracts, the heterogeneity and variety of approaches and differences in providing the analysis data makes the learning curve for the smart contract developer steep. In this article the authors present ESAF (Ethereum Security Analysis Framework), a framework for analysis of smart contracts that aims to unify and facilitate the task of analyzing smart contract vulnerabilities which can be used as a persistent security monitoring tool for a set of target contracts as well as a classic vulnerability analysis tool among other uses.
△ Less
Submitted 5 February, 2024;
originally announced February 2024.
-
Recommendations on Statistical Randomness Test Batteries for Cryptographic Purposes
Authors:
Elena Almaraz Luengo,
Luis Javier García Villalba
Abstract:
Security in different applications is closely related to the goodness of the sequences generated for such purposes. Not only in Cryptography but also in other areas, it is necessary to obtain long sequences of random numbers or that, at least, behave as such. To decide whether the generator used produces sequences that are random, unpredictable and independent, statistical checks are needed. Diffe…
▽ More
Security in different applications is closely related to the goodness of the sequences generated for such purposes. Not only in Cryptography but also in other areas, it is necessary to obtain long sequences of random numbers or that, at least, behave as such. To decide whether the generator used produces sequences that are random, unpredictable and independent, statistical checks are needed. Different batteries of hypothesis tests have been proposed for this purpose.
In this work, a survey of the main test batteries is presented, indicating their pros and cons, giving some guidelines for their use and presenting some practical examples.
△ Less
Submitted 3 February, 2024;
originally announced February 2024.
-
Efficient Algorithms for Searching Optimal Shortened Cyclic Single-Burst-Correcting Codes
Authors:
Luis Javier García Villalba,
José René Fuentes Cortez,
Ana Lucila Sandoval Orozco,
Mario Blaum
Abstract:
In a previous work it was shown that the best measure for the efficiency of a single burst-correcting code is obtained using the Gallager bound as opposed to the Reiger bound. In this paper, an efficient algorithm that searches for the best (shortened) cyclic burst-correcting codes is presented. Using this algorithm, extensive tables that either tie existing constructions or improve them are obtai…
▽ More
In a previous work it was shown that the best measure for the efficiency of a single burst-correcting code is obtained using the Gallager bound as opposed to the Reiger bound. In this paper, an efficient algorithm that searches for the best (shortened) cyclic burst-correcting codes is presented. Using this algorithm, extensive tables that either tie existing constructions or improve them are obtained for burst lengths up to b=10.
△ Less
Submitted 27 January, 2011;
originally announced January 2011.