The autonomous navigation of an Unmanned Aerial Vehicle(UAV)relies heavily on the navigation sensors.The UAV’s level of autonomy depends upon the various navigation systems,such as state measurement,mapping,and obsta...The autonomous navigation of an Unmanned Aerial Vehicle(UAV)relies heavily on the navigation sensors.The UAV’s level of autonomy depends upon the various navigation systems,such as state measurement,mapping,and obstacle avoidance.Selecting the correct components is a critical part of the design process.However,this can be a particularly difficult task,especially for novices as there are several technologies and components available on the market,each with their own individual advantages and disadvantages.For example,satellite-based navigation components should be avoided when designing indoor UAVs.Incorporating them in the design brings no added value to the final product and will simply lead to increased cost and power consumption.Another issue is the number of vendors on the market,each trying to sell their hardware solutions which often incorporate similar technologies.The aim of this paper is to serve as a guide,proposing various methods to support the selection of fit-for-purpose technologies and components whilst avoiding system layout conflicts.The paper presents a study of the various navigation technologies and supports engineers in the selection of specific hardware solutions based on given requirements.The selection methods are based on easy-to-follow flow charts.A comparison of the various hardware components specifications is also included as part of this work.展开更多
Steganography aims to hide the messages from unauthorized persons for various purposes,e.g.,military correspondence,financial transaction data.Securing the data during transmission is of utmost importance these days.T...Steganography aims to hide the messages from unauthorized persons for various purposes,e.g.,military correspondence,financial transaction data.Securing the data during transmission is of utmost importance these days.The confidentiality,integrity,and availability of the data are at risk because of the emerging technologies and complexity in software applications,and therefore,there is a need to secure such systems and data.There are various methodologies to deal with security issues when utilizing an open system like the Internet.This research proposes a new technique in steganography within RGB shading space to achieve enhanced security compared with existing systems.We evaluate our approach with the help of diverse image quality evaluation techniques including MSE(Mean Square Error),RMSE(Root Mean Square Error),PSNR(Peak Signal-to-Noise Ratio),MAE(Mean Absolute Error),NCC(Normalized Cross-Correlation)and SSIM(Structural Similarity Index).Our experimental results demonstrate improved strength,intangibility,and security when contrasted with existing techniques and vindicate the effectiveness of this exploration work.The proposed approach achieved a 3.6701%average higher score for PSNR Correlation than the next best existing approach.Moreover,in PSNR with a variable amount of cipher embedded in the same images of the same dimensions,the proposed approach attained a 5.22%better score.Embedding the same size of cipher in images of different size resulted a 3.56%better score.展开更多
Over the last decade,a significant increase has been observed in the use of web-based Information systems that process sensitive information,e.g.,personal,financial,medical.With this increased use,the security of such...Over the last decade,a significant increase has been observed in the use of web-based Information systems that process sensitive information,e.g.,personal,financial,medical.With this increased use,the security of such systems became a crucial aspect to ensure safety,integrity and authenticity of the data.To achieve the objectives of data safety,security testing is performed.However,with growth and diversity of information systems,it is challenging to apply security testing for each and every system.Therefore,it is important to classify the assets based on their required level of security using an appropriate technique.In this paper,we propose an asset security classification technique to classify the System Under Test(SUT)based on various factors such as system exposure,data criticality and security requirements.We perform an extensive evaluation of our technique on a sample of 451 information systems.Further,we use security testing on a sample extracted from the resulting prioritized systems to investigate the presence of vulnerabilities.Our technique achieved promising results of successfully assigning security levels to various assets in the tested environments and also found several vulnerabilities in them.展开更多
Robotic manipulators are widely used in applications that require fast and precise motion.Such devices,however,are prompt to nonlinear control issues due to the flexibility in joints and the friction in the motors wit...Robotic manipulators are widely used in applications that require fast and precise motion.Such devices,however,are prompt to nonlinear control issues due to the flexibility in joints and the friction in the motors within the dynamics of their rigid part.To address these issues,the Linear Matrix Inequalities(LMIs)and Parallel Distributed Compensation(PDC)approaches are implemented in the Takagy–Sugeno Fuzzy Model(T-SFM).We propose the following methodology;initially,the state space equations of the nonlinear manipulator model are derived.Next,a Takagy–Sugeno Fuzzy Model(T-SFM)technique is used for linearizing the state space equations of the nonlinear manipulator.The T-SFM controller is developed using the Parallel Distributed Compensation(PDC)method.The prime concept of the designed controller is to compensate for all the fuzzy rules.Furthermore,the Linear Matrix Inequalities(LMIs)are applied to generate adequate cases to ensure stability and control.Convex programming methods are applied to solve the developed LMIs problems.Simulations developed for the proposed model show that the proposed controller stabilized the system with zero tracking error in less than 1.5 s.展开更多
Computing students face the problem with time and quality of the work while managing their graduation/senior projects.Rapid Application Development(RAD)model is based on continual user involvement for the process of r...Computing students face the problem with time and quality of the work while managing their graduation/senior projects.Rapid Application Development(RAD)model is based on continual user involvement for the process of requirement gathering via prototyping.After each iteration,the developers can validate the requirements that are completed in the iteration.Managing a project with RAD is easier but not flexible.On the other hand,Agile project management techniques focus on flexibility,agility,teamwork and quality based on user stories.Continual user involvement is avoided,which requires extensive maintenance time for fixing iteration and release of the story points.This also makes it necessary to provide onsite training to the users of the application.This research provides the pros and cons of RAD and Agile project management techniques,to help students in deciding the best approach for managing their graduation projects.For the evaluation of these techniques,similar case studies were given to the senior project students(having similar CGPAs)for building similar functionality-based applications.The two projects“Life Organizer”developed and managed using RAD and“Smart Patient Assistant(SPA)”developed and managed through Agile methodology were evaluated against the quality assurance criteria for senior projects.The study found that the project developed with RAD methodology performed 13.33%better in providing extensive and elaborated documentation than the students following the Agile technique.On the other hand,SPA-Agile based project,due to teamwork had 2.5%better implementation than Life Organizer-RAD based project.展开更多
The use of electronic communication has been significantly increased over the last few decades.Email is one of the most well-known means of electronic communication.Traditional email applications are widely used by a ...The use of electronic communication has been significantly increased over the last few decades.Email is one of the most well-known means of electronic communication.Traditional email applications are widely used by a large population;however,illiterate and semi-illiterate people face challenges in using them.A major population of Pakistan is illiterate that has little or no practice of computer usage.In this paper,we investigate the challenges of using email applications by illiterate and semi-illiterate people.In addition,we also propose a solution by developing an application tailored to the needs of illiterate/semi-illiterate people.Research shows that illiterate people are good at learning the designs that convey information with pictures instead of text-only,and focus more on one object/action at a time.Our proposed solution is based on designing user interfaces that consist of icons and vocal/audio instructions instead of text.Further,we use background voice/audio which is more helpful than flooding a picture with a lot of information.We tested our application using a large number of users with various skill levels(from no computer knowledge to experts).Our results of the usability tests indicate that the application can be used by illiterate people without any training or third-party’s help.展开更多
Ransomware is a type of malicious software that blocks access to a computer by encrypting user’s files until a ransom is paid to the attacker.There have been several reported high-profile ransomware attacks including...Ransomware is a type of malicious software that blocks access to a computer by encrypting user’s files until a ransom is paid to the attacker.There have been several reported high-profile ransomware attacks including WannaCry,Petya,and Bad Rabbit resulting in losses of over a billion dollars to various individuals and businesses in the world.The analysis of ransomware is often carried out via sandbox environments;however,the initial setup and configuration of such environments is a challenging task.Also,it is difficult for an ordinary computer user to correctly interpret the complex results presented in the reports generated by such environments and analysis tools.In this research work,we aim to develop a user-friendly model to understand the taxonomy and analysis of ransomware attacks.Also,we aim to present the results of analysis in the form of summarized reports that can easily be understood by an ordinary computer user.Our model is built on top of the well-known Cuckoo sandbox environment for identification of the ransomware as well as generation of the summarized reports.In addition,for evaluating the usability and accessibility of our proposed model,we conduct a comprehensive user survey consisting of participants from various fields,e.g.,professional developers from software houses,people from academia(professors,students).Our evaluation results demonstrate a positive feedback of approximately 92%on the usability of our proposed model.展开更多
Classical algorithms and data structures assume that the underlying memory is reliable,and the data remain safe during or after processing.However,the assumption is perilous as several studies have shown that large an...Classical algorithms and data structures assume that the underlying memory is reliable,and the data remain safe during or after processing.However,the assumption is perilous as several studies have shown that large and inexpensive memories are vulnerable to bit flips.Thus,the correctness of output of a classical algorithm can be threatened by a few memory faults.Fault tolerant data structures and resilient algorithms are developed to tolerate a limited number of faults and provide a correct output based on the uncorrupted part of the data.Suffix tree is one of the important data structures that has widespread applications including substring search,super string problem and data compression.The fault tolerant version of the suffix tree presented in the literature uses complex techniques of encodable and decodable error-correcting codes,blocked data structures and fault-resistant tries.In this work,we use the natural approach of data replication to develop a fault tolerant suffix tree based on the faulty memory random access machine model.The proposed data structure stores copies of the indices to sustain memory faults injected by an adversary.We develop a resilient version of the Ukkonen’s algorithm for constructing the fault tolerant suffix tree and derive an upper bound on the number of corrupt suffixes.展开更多
Software reverse engineering is the process of analyzing a software system to extract the design and implementation details.Reverse engineering provides the source code of an application,the insight view of the archit...Software reverse engineering is the process of analyzing a software system to extract the design and implementation details.Reverse engineering provides the source code of an application,the insight view of the architecture and the third-party dependencies.From a security perspective,it is mostly used for finding vulnerabilities and attacking or cracking an application.The process is carried out either by obtaining the code in plaintext or reading it through the binaries or mnemonics.Nowadays,reverse engineering is widely used for mobile applications and is considered a security risk.The Open Web Application Security Project(OWASP),a leading security research forum,has included reverse engineering in its top 10 list of mobile application vulnerabilities.Mobile applications are used in many sectors,e.g.,banking,education,health.In particular,the banking applications are critical in terms of security as they are used for financial transactions.A security breach of such applications can result in huge financial losses for the customers as well as the banks.There exist various tools for reverse engineering of mobile applications,however,they have deficiencies,e.g.,complex configurations,lack of detailed analysis reports.In this research work,we perform an analysis of the available tools for reverse engineering of mobile applications.Our dataset consists of the mobile banking applications of the banks providing services in Pakistan.Our results indicate that none of the existing tools can carry out the complete reverse engineering process as a standalone tool.In addition,we observe significant differences in terms of the execution time and the number of files generated by each tool for the same file.展开更多
文摘The autonomous navigation of an Unmanned Aerial Vehicle(UAV)relies heavily on the navigation sensors.The UAV’s level of autonomy depends upon the various navigation systems,such as state measurement,mapping,and obstacle avoidance.Selecting the correct components is a critical part of the design process.However,this can be a particularly difficult task,especially for novices as there are several technologies and components available on the market,each with their own individual advantages and disadvantages.For example,satellite-based navigation components should be avoided when designing indoor UAVs.Incorporating them in the design brings no added value to the final product and will simply lead to increased cost and power consumption.Another issue is the number of vendors on the market,each trying to sell their hardware solutions which often incorporate similar technologies.The aim of this paper is to serve as a guide,proposing various methods to support the selection of fit-for-purpose technologies and components whilst avoiding system layout conflicts.The paper presents a study of the various navigation technologies and supports engineers in the selection of specific hardware solutions based on given requirements.The selection methods are based on easy-to-follow flow charts.A comparison of the various hardware components specifications is also included as part of this work.
基金This research is supported by the Higher Education Commission(HEC),Pakistan through its initiative of National Center for Cyber Security for the affiliated Security Testing-Innovative Secured Systems Lab(ISSL)established at University of Engineering&Technology(UET)Peshawar,Grant No.2(1078)/HEC/M&E/2018/707.
文摘Steganography aims to hide the messages from unauthorized persons for various purposes,e.g.,military correspondence,financial transaction data.Securing the data during transmission is of utmost importance these days.The confidentiality,integrity,and availability of the data are at risk because of the emerging technologies and complexity in software applications,and therefore,there is a need to secure such systems and data.There are various methodologies to deal with security issues when utilizing an open system like the Internet.This research proposes a new technique in steganography within RGB shading space to achieve enhanced security compared with existing systems.We evaluate our approach with the help of diverse image quality evaluation techniques including MSE(Mean Square Error),RMSE(Root Mean Square Error),PSNR(Peak Signal-to-Noise Ratio),MAE(Mean Absolute Error),NCC(Normalized Cross-Correlation)and SSIM(Structural Similarity Index).Our experimental results demonstrate improved strength,intangibility,and security when contrasted with existing techniques and vindicate the effectiveness of this exploration work.The proposed approach achieved a 3.6701%average higher score for PSNR Correlation than the next best existing approach.Moreover,in PSNR with a variable amount of cipher embedded in the same images of the same dimensions,the proposed approach attained a 5.22%better score.Embedding the same size of cipher in images of different size resulted a 3.56%better score.
基金the Higher Education Commission(HEC),Pakistan throughits initiative of National Center for Cyber Security for the affiliated Security Testing-Innovative SecuredSystems Lab(ISSL)established at University of Engineering&Technology(UET)Peshawar,Grant No.2(1078)/HEC/M&E/2018/707.
文摘Over the last decade,a significant increase has been observed in the use of web-based Information systems that process sensitive information,e.g.,personal,financial,medical.With this increased use,the security of such systems became a crucial aspect to ensure safety,integrity and authenticity of the data.To achieve the objectives of data safety,security testing is performed.However,with growth and diversity of information systems,it is challenging to apply security testing for each and every system.Therefore,it is important to classify the assets based on their required level of security using an appropriate technique.In this paper,we propose an asset security classification technique to classify the System Under Test(SUT)based on various factors such as system exposure,data criticality and security requirements.We perform an extensive evaluation of our technique on a sample of 451 information systems.Further,we use security testing on a sample extracted from the resulting prioritized systems to investigate the presence of vulnerabilities.Our technique achieved promising results of successfully assigning security levels to various assets in the tested environments and also found several vulnerabilities in them.
文摘Robotic manipulators are widely used in applications that require fast and precise motion.Such devices,however,are prompt to nonlinear control issues due to the flexibility in joints and the friction in the motors within the dynamics of their rigid part.To address these issues,the Linear Matrix Inequalities(LMIs)and Parallel Distributed Compensation(PDC)approaches are implemented in the Takagy–Sugeno Fuzzy Model(T-SFM).We propose the following methodology;initially,the state space equations of the nonlinear manipulator model are derived.Next,a Takagy–Sugeno Fuzzy Model(T-SFM)technique is used for linearizing the state space equations of the nonlinear manipulator.The T-SFM controller is developed using the Parallel Distributed Compensation(PDC)method.The prime concept of the designed controller is to compensate for all the fuzzy rules.Furthermore,the Linear Matrix Inequalities(LMIs)are applied to generate adequate cases to ensure stability and control.Convex programming methods are applied to solve the developed LMIs problems.Simulations developed for the proposed model show that the proposed controller stabilized the system with zero tracking error in less than 1.5 s.
文摘Computing students face the problem with time and quality of the work while managing their graduation/senior projects.Rapid Application Development(RAD)model is based on continual user involvement for the process of requirement gathering via prototyping.After each iteration,the developers can validate the requirements that are completed in the iteration.Managing a project with RAD is easier but not flexible.On the other hand,Agile project management techniques focus on flexibility,agility,teamwork and quality based on user stories.Continual user involvement is avoided,which requires extensive maintenance time for fixing iteration and release of the story points.This also makes it necessary to provide onsite training to the users of the application.This research provides the pros and cons of RAD and Agile project management techniques,to help students in deciding the best approach for managing their graduation projects.For the evaluation of these techniques,similar case studies were given to the senior project students(having similar CGPAs)for building similar functionality-based applications.The two projects“Life Organizer”developed and managed using RAD and“Smart Patient Assistant(SPA)”developed and managed through Agile methodology were evaluated against the quality assurance criteria for senior projects.The study found that the project developed with RAD methodology performed 13.33%better in providing extensive and elaborated documentation than the students following the Agile technique.On the other hand,SPA-Agile based project,due to teamwork had 2.5%better implementation than Life Organizer-RAD based project.
基金This work is supported by the Security Testing Lab established at the University of Engineering&TechnologyPeshawar under the funded project National Center for Cyber Security of the Higher Education Commission(HEC),Pakistan。
文摘The use of electronic communication has been significantly increased over the last few decades.Email is one of the most well-known means of electronic communication.Traditional email applications are widely used by a large population;however,illiterate and semi-illiterate people face challenges in using them.A major population of Pakistan is illiterate that has little or no practice of computer usage.In this paper,we investigate the challenges of using email applications by illiterate and semi-illiterate people.In addition,we also propose a solution by developing an application tailored to the needs of illiterate/semi-illiterate people.Research shows that illiterate people are good at learning the designs that convey information with pictures instead of text-only,and focus more on one object/action at a time.Our proposed solution is based on designing user interfaces that consist of icons and vocal/audio instructions instead of text.Further,we use background voice/audio which is more helpful than flooding a picture with a lot of information.We tested our application using a large number of users with various skill levels(from no computer knowledge to experts).Our results of the usability tests indicate that the application can be used by illiterate people without any training or third-party’s help.
基金support of Security Testing-Innovative Secured Systems Lab(ISSL)established at University of Engineering&Technology,Peshawar,Pakistan under the Higher Education Commission initiative of National Center for Cyber Security(Grant No.2(1078)/HEC/M&E/2018/707).
文摘Ransomware is a type of malicious software that blocks access to a computer by encrypting user’s files until a ransom is paid to the attacker.There have been several reported high-profile ransomware attacks including WannaCry,Petya,and Bad Rabbit resulting in losses of over a billion dollars to various individuals and businesses in the world.The analysis of ransomware is often carried out via sandbox environments;however,the initial setup and configuration of such environments is a challenging task.Also,it is difficult for an ordinary computer user to correctly interpret the complex results presented in the reports generated by such environments and analysis tools.In this research work,we aim to develop a user-friendly model to understand the taxonomy and analysis of ransomware attacks.Also,we aim to present the results of analysis in the form of summarized reports that can easily be understood by an ordinary computer user.Our model is built on top of the well-known Cuckoo sandbox environment for identification of the ransomware as well as generation of the summarized reports.In addition,for evaluating the usability and accessibility of our proposed model,we conduct a comprehensive user survey consisting of participants from various fields,e.g.,professional developers from software houses,people from academia(professors,students).Our evaluation results demonstrate a positive feedback of approximately 92%on the usability of our proposed model.
文摘Classical algorithms and data structures assume that the underlying memory is reliable,and the data remain safe during or after processing.However,the assumption is perilous as several studies have shown that large and inexpensive memories are vulnerable to bit flips.Thus,the correctness of output of a classical algorithm can be threatened by a few memory faults.Fault tolerant data structures and resilient algorithms are developed to tolerate a limited number of faults and provide a correct output based on the uncorrupted part of the data.Suffix tree is one of the important data structures that has widespread applications including substring search,super string problem and data compression.The fault tolerant version of the suffix tree presented in the literature uses complex techniques of encodable and decodable error-correcting codes,blocked data structures and fault-resistant tries.In this work,we use the natural approach of data replication to develop a fault tolerant suffix tree based on the faulty memory random access machine model.The proposed data structure stores copies of the indices to sustain memory faults injected by an adversary.We develop a resilient version of the Ukkonen’s algorithm for constructing the fault tolerant suffix tree and derive an upper bound on the number of corrupt suffixes.
基金The authors acknowledge the support of Security Testing-Innovative Secured Systems Lab(ISSL)established at University of Engineering&Technology,Peshawar,Pakistan under the Higher Education Commission initiative of National Center for Cyber Security(Grant No.2(1078)/HEC/M&E/2018/707).
文摘Software reverse engineering is the process of analyzing a software system to extract the design and implementation details.Reverse engineering provides the source code of an application,the insight view of the architecture and the third-party dependencies.From a security perspective,it is mostly used for finding vulnerabilities and attacking or cracking an application.The process is carried out either by obtaining the code in plaintext or reading it through the binaries or mnemonics.Nowadays,reverse engineering is widely used for mobile applications and is considered a security risk.The Open Web Application Security Project(OWASP),a leading security research forum,has included reverse engineering in its top 10 list of mobile application vulnerabilities.Mobile applications are used in many sectors,e.g.,banking,education,health.In particular,the banking applications are critical in terms of security as they are used for financial transactions.A security breach of such applications can result in huge financial losses for the customers as well as the banks.There exist various tools for reverse engineering of mobile applications,however,they have deficiencies,e.g.,complex configurations,lack of detailed analysis reports.In this research work,we perform an analysis of the available tools for reverse engineering of mobile applications.Our dataset consists of the mobile banking applications of the banks providing services in Pakistan.Our results indicate that none of the existing tools can carry out the complete reverse engineering process as a standalone tool.In addition,we observe significant differences in terms of the execution time and the number of files generated by each tool for the same file.
