CHAPTER II

REVIEW OF LITERATURE

Security management involves finding several assets in an organization

(include masses and infrastructure) and developing the system such that it

provides protection for privacy, integrity and availability of the system. Security

management protects organizations from intruders, which could be a hacker or

malware. Hacker breaches security of an organization makes cybercrime such as

credit card fraud, identity theft, cyber stalking, IP spoofing and phishing. Security

management plays a significant role in achieving enhanced security as well as

delivering quality of service in an optimized manner.

Researchers have provided significant attention on examining the issues

concerning the security management in network of computers. After doing a vast

literature survey on security management, it is observed that in traditional security

management port and protocol filtering was done. With the usage of more of open

sources system and increase in knowledge of skilled attacker. Our system has

become more vulnerable for the cyber-attack. The classical security management

objective is fairly different than the objectives of the security management in the

next generation cyber environment. With outburst increase of internet usage new

technology and lack of knowledge to masses of cyber risks opens new window for

a cyber-attack. Although, much literature is available on efficient security

management technique, very few research works is available related to the

optimization of security management techniques in cyber environment. The

significant research work in different aspects of cyber security has been carried

out only during the last ten years.

… Ph.D. Thesis by Priyanka Chaudhary 29

 Chapter II
Review of Literature

As the growing usage of technology in a daily life is getting more

dependent on technology, more and more people are connected with the cyber

world, which is now attracting more cyber criminal by which increase every day

more cyber criminals and their criminal task. These criminals can easily use

Internet to do such kind of conventional crime such as sex trafficking, illicit drug.

In addition, they also affect the cyber world which aids the crime which often use

technology to commit cyber crime such as credit card fraud, intellectual property

theft and cyber bullying. So cyber security management technique has become

very vital problem in our society. In such cyber world, conventional security

management techniques fail to capture the more suitable technology requirement

of user. Gunjan et al. (2013) have described that cybercrime is criminal activities

included with the cyber environment where ever a network is included and the

process achieve to control the issue of cyber-security [21]. Jamieson et al. (2012)

have defined it as a deep comprehensive study of proof of crime by utilizing the

idea of hierarchical classes and clarified clear structure for crime management.

All these are characterized according to the present status of cyber laws and

introduced a solution for the minimization of the crime [48]. Solms et al. (2013)

have defined that Information security is the protection of information (of masses

and infrastructure), which is an open asset for conceivable damage because of

different dangers and vulnerabilities [49]. Manuputty et al. (2013) have stated that

the internet has turned into worldwide phenomenon, various advantages and

drawbacks (crimes) which are being gotten and conferred through the web. To

adopt with its advantages and drawbacks, cyber security is expected to ensure

person to utilize internet securely [50]. Mesko et al. (2011) have described the

… Ph.D. Thesis by Priyanka Chaudhary 30

 Chapter II
Review of Literature

view of cybercrime and evaluated its perception. And also furthermore

characterize a few rules on how to raise awareness, diminishing risk and thereby

diminishing the fear of cybercrime in Slovenia [51].

Evangelopoulou and Johnson (2015) have described an empirical structure

for executing Situation Awareness Measurement method in Network Defense

surroundings that how to quantify Situation Awareness in a computing network

system will be offered in two primary parts. The first one will incorporate the

system of networking infrastructure. The second part will be centered on

indicating which Situation Awareness method will be utilized and which Situation

Awareness basic inquiries should about request made to enhance future decision

making in cyber-security [52]. Benenson et al. (2011) have organized around the

landscape of cybercrime containing its three main groups of actors such as

aggressors, clients and agents and their primary role is to exercise the shortfalls:

attack and avoidance for assailants, awareness and training for victims, evidence

extraction and examination for investigators [53]. WoM-based MCS design by

Wang et al. (2017) have described a common application, in which they separate

into parts Internet-scale and local scale and at point methodically summarize the

main specialized difficulties, including crowd worker enrollment, incentive

design, security and protection, information quality control and they compare

typical solutions [54]. Barghuthi and Baker (2014) have described the talked about

the idea of ethics and reasons that prompted utilized data technology in a military

war, the impacts of utilizing cyber war on common people, the legality of the

cyber war and method of controlling the utilization of data technology that might

be utilized against common person [55].

… Ph.D. Thesis by Priyanka Chaudhary 31

 Chapter II
Review of Literature

Rege et al. (2017) have utilized unique mixed methods of qualitative

observations and quantitative data science to address three goals: first one is

giving a quantitative structure for temporal examination of the cyber-attack forms

by making a time series representation of the qualitative data , second one is

utilizing data science strategies like hierarchical clustering analysis on the initiated

time sequence information to complement and supplement of cyber-attack

mechanism and last one is understanding how adversaries adapt amid the

interruptions by protectors [56]. Stabek et al. (2010) have described that by the

utilization of web, cyber crime is a danger to the field of economy [57]. Wu.et al.

(2013) have introduced a framework that is named FARE that reduces financial

losses for benchmarking reliability of cyber-physical model is discussed [58].

Wagner et al. (2014) have explained a mechanism with the use of Fuzzy Sets

(FSs) for minimizing any loss of information in which we transmit interval based

data into FS mechanism, and also avoiding as much as expected assumptions

about the distribution of the information has been discussed in [59]. Kumar et al.

(2013) have introduced a technique for identifying for Malware based on API call

sequences utilizing with content and data mining, a static analysis strategy is

discussed [60].

Stoughton et al. (2017) have provided explanation to the most important

mechanisms for an adequate Searchable Symmetric Encryption scheme. They

show that Foundational Cryptography Framework is well-appropriated for

analysis about cryptographic plans in the computational model that highlights

trusted computing based method and extensible design as discussed in [61]. Roslin

et al. (2014) have suggested a standardized image encryption mechanism by

… Ph.D. Thesis by Priyanka Chaudhary 32

 Chapter II
Review of Literature

which hacker cannot crack the image [62]. A novel symmetric key encryption

strategy is introduced by Ali et al. (2016) that support a keyword field free

approach for conjunctive keyword search on encoded file without expecting to

indicate the places of the keywords where the keywords could be in any arbitrary

manner [63]. Wei et al. (2017) have introduced a novel OTFEP (one-time file

encoded) approach that incorporate reliable cryptographic methods that fulfill

specific security requirements [64]. A mechanism have illustrated by Yu et al.

(2004) that is following with the frequency of occurrences of alphabets by

utilizing ant colony optimization using roulette wheel selection algorithm [65].

Shah et al. (2014) have introduced a Cryptography method based on

ASCII value for the data security problem [66]. Uddin et al. (2014) have

explained a novel cryptographic technique which is based on number of ASCII

conversions and a mathematical cyclic function [67]. Raj-Vincent et al. (2013)

have proposed a technique for network security in which they consider various

layers of security rather than supportive single layer [68]. Sasi and Sivanandam

(2015) have introduced an ant Colony Optimization Key Generation method for

secure data transfer that is based on the image encryption method is discussed in

[69]. Cryptographic mechanisms is proposed by Camargo et al. (2015) to evaluate

for ensuring medical in the connection of mobile applications [70]. A technique is

introduced by Parthasarathy et al. (2015) in which they utilize three distinctive

wavelet for encoding an image along with the password [71]. An algorithm is

illustrated by Amalarethinam et al. (2015) that are dependent on Message

Encoding technique for security reasons which deliver preferable execution to

think about over existing is discussed [72]. Salim et al. have introduced a security

… Ph.D. Thesis by Priyanka Chaudhary 33

 Chapter II
Review of Literature

technique to secure the information, i.e. in the view of Advanced Encryption

Standard [73]. Improved Elliptic Curve Cryptographic methods for security reason

is introduced by Regina et al. that discussed in [74]. Sharma et al. (2009) have

introduced a cryptographic mechanism is carried out for utilizing through

quasigroup-based endomorphic [75].

Charleonnan (2016) has designed a technique that operates on three

different classifier such as MLP, NB and Naive Bayes algorithms and is named as

RUSMRN for evaluating the correctness task with the unbalance datasets. This

method emphasizes data of a taiwan credit card organization for gathering

customer’s behavior in payment through credit card [76]. Malini et al. (2017) have

introduced a technique that adapts KNN algorithm and outlier detection that

provide efficient solutions for the fraud detection problem. This method also

reduces the false alarm rate and increases the rate of the fraud detection [77].

Ghobadi et al. (2016) have introduced a model that is based on two different

approaches such as an Artificial Neural Network and meta cost procedure. The

first approach is used prevention and detection for credit card fraud and the

second approach is used for decrease risk reputation and risk of loss [78].

Bahnsem et al. (2015) have designed method that is based on the periodic

feature for real credit card fraud record that is provided by the European card

processing company [79]. Mareeswari and Gunasekaran (2016) have proposed a

method for credit card fraud detection that is based on modification of existing

approaches that reduce the following issues such as scalability, time constraints

and imbalanced class [80]. A mechanism iris authentication is introduced by

… Ph.D. Thesis by Priyanka Chaudhary 34

 Chapter II
Review of Literature

Rahimi et al. (2009) which is used to identify theft in terms of e-commerce

transactions. Iris pattern is special type of pattern for all individual and it is most

secure biometric strategy that is performed by the utilizing image handling [81].

Murdoch et al. (2010) have introduced an EMV method that provides facility to

secure credit and debit card transaction confirmed by both card and customer that

is conceivable through a cryptographic code likewise digital signature and entry of

a pin [82]. Sherly et al. (2010) have introduced an approach to develop an

effective fraud detection structure which is a consolidated form of classification

and clustering technique [83]. Lee et al. (2013) have introduced a method for

distinguishing the presence of outliers from tremendous information with the

assistance of a web based updating is described in [84]. Gupta and Sharma (2011)

have introduced multiple encryption method which has been created for safe

transaction framework by which there is enhancement in the security level of

secret information [85].

Boping and Shiyu (2009) have introduced a hierarchy protection control

mechanism to enhancing the safety of the SET protocol with a bring-in electronic

business transaction certificate authority which takes care of these issues is

discussed in [86]. Dadhich et al. (2014) have introduced an algorithm which

consolidates different types of technique, for example, genetic algorithms,

immune computing, crossover and mutation operators and fuzzy framework that

keep up the diversity and optimization of applicant objects is discussed in [87].

Ingole and Thool (2013) have suggested a Hidden Markov Model (HMM)

mechanism that is in sequence to the operation in the get ready of credit card

transaction. On the off chance that HMM acknowledged an approaching credit

… Ph.D. Thesis by Priyanka Chaudhary 35

 Chapter II
Review of Literature

card transaction to approve the exchange with high probability. In the event that it

is not at that point card is not valid and thought to be fake transaction [88].

Herenjand and Mishra (2013) have introduced an another multilayered

detection technique that is totally based on data-mining methods which is

managed with real social connections, discovers spikes in replicating and lastly

assigns fishy scores that help to recognize the fraud in the framework [89].

Tripathi and Ragha (2013) have proposed a hybrid procedure based model to

distinguish credit card fraud is discussed in [90]. Falaki et al. (2012) have

explained model that is based probabilistic approach for identifying the credit card

system [91]. Prakash and Chandrasekar (2013) have introduced a model for

improving credit card fraud detection that is based on optimization technique [92].

Kumar and Raj (2012) have introduced a HMM based model by incorporating

different fields for example, client profile and only spending profile. Also,

simulation comes about which demonstrate the change in True Positive and True

Negative rates and also diminishes the chances of both false negative and positive

[93]. Duman and Ozcelik (2011) have defined a novel mix of the two well

known meta heuristic methodology into the particular genetic algorithm and the

Scatter search which can be connected together to enhance security of credit card

[94].

Phua et al. (2009) have suggested a technique that is referred as a

Communal Analysis Suspicion Scoring (CASS) and is used for making numeric

suspicion scores for the streaming in the objective of credit card fraud detection

[95]. Gupta et al. (2012) have introduced an actualized hybrid encryption

… Ph.D. Thesis by Priyanka Chaudhary 36

 Chapter II
Review of Literature

technique which incorporates the two most prominent RSA technique and Diffie

Hellman technique to fulfill greater security structure over the framework [96].

Nagar et al. (2012) have introduced a novel offline RSA key generation

methodology of RSA method with some adjustment of Keys Exchange [97].

Dhakar et al. (2012) have introduced a RSA technique with some modification

that utilize extensive prime number since cracking the extensive prime number is

a very challenging task that provide higher security and execution [98]. Wang et

al. (2013) have introduced a technique utilizing RSA algorithm [99]. Saveri et al.

(2012) have described the demonstration of the comparison between ECC and

RSA algorithm in the smart card application has been discussed in [100].

Vijayalakshmi et al. (2012) have introduced a technique named as Identity-Based

Authenticated New Multiparty Key Agreement Protocol for card detection [101].

Dubey et al. (2011) have explained a novel strategy for resource authentication

using RSA and MD5 algorithm [102]. Sharma et al. (2011) have introduced a

RSA algorithm with some alteration and utilizing with some alteration of the

knapsack is discussed in [103]. Ren et al. (2010) have introduced an algorithm for

bluetooth communication system in which the technique is incorporated with DES

algorithm and RSA algorithm is discussed in [104].

Another strategy is introduced by Ivy et al. (2012) in which they have

proposed a technique utilizing with some alteration of RSA cryptosystem that is

employed with four prime numbers is portrayed in [105]. Ishwarya et al. (2012)

have introduced a novel method by utilizing with RSA for Anonymous and

confidential database is discussed in [106]. Vijay et al. (2012) have introduced a

novel variant of RSA digital signature is defined as difficulty of factorization to

… Ph.D. Thesis by Priyanka Chaudhary 37

 Chapter II
Review of Literature

tackle a security related issues in [107]. Ashioba and Yoro (2014) have

introduced a method in which object are encapsulated, associated using attributes

and they enable sender and recipient utilizing object oriented programming

language in RSA algorithm [108]. Kapoor et al. (2013) have introduced a method

that uses more than two prime number prime number and numerous key [109].

Kaur et al. (2016) have proposed a method malware detection of clone that

is based on the clone detection method utilizing with “String Pattern Back

Propagation” to fulfill and achieve better conclusion is discussed in [110].

Mazurek et al. (2013) have expressed strategy of data collection, especially the

numerous precautions to diminish uncertainty to clients and after that consider

how to guess number of password while regarding in offline attack [111]. Kelley

et al. (2012) have proposed an effective distributed approach that expressed the

study of 12,000 set of passwords under seven composition schemes through an

online study for evaluating how effective numerous heuristic password guessing

technique to crack the password [112]. Dyer et al. (2017) have introduced an

approach that is based novel cryptographic technique, named format-transforming

encryption. This expands conventional symmetric encoding method with the

ability to translate the ciphertext into defined text [113].

Dürmuth et al. (2012) have proposed an approach that is based on state-of-

the-art parallel computing framework for detecting password cracking attack

[114]. Mordinyi et al. (2015) have illustrated a strategy that considers the issues of

versioning associated architecture view amid the engineering of CPPSs to fulfill a

mechatronic view on the designing artifact [115]. Yu et al. (2008) have defined an

… Ph.D. Thesis by Priyanka Chaudhary 38

 Chapter II
Review of Literature

architecture that expresse multi-tiered SOA includes Mobile client, Web services,

Security Agents, business logic layer, data access layer and database for security

in data transfer. This architecture also provides facility for safe data transfer such

as user identification information between server server and mobile client utilizing

with SAML [116]. Rybnicek et al. (2013) have described an agenda for

identifying the threat in facebook, these threats are depicted by different procedure

such as image analysis, social media analytics, and text mining techniques with a

motive to bring the problem of ongoing cyberattacks [117]. Apostal et al. (2012)

have designed an HPI architecture defined with three dictionary based password

technique that utilizes MPI for diminish the latency, provide facility between the

device in terms of communication and it is also utilizing CUDA [118]. Nguyen et

al. (2015) have described an approach that is some enhancement of Persuasive

Text Passwords (PTP) methodology and also define comparison with few other

password schemes is discussed in [119]. Farmand et al. (2010) have designed a

graphical based, password methodology that is based on modification of the

existing graphical password methodology with the solution of two password

problem usability and scalability [120].

Prabu et al. (2015) have described methodology using Three-Tier

methodology with the concern the level of data security, verification,

confidentiality and utilizing segmentation and CSA for averting in information

leakage [121]. Sriramya et al. (2015) have introduced an algorithm that contains

salt hash technique combine with Bcrypt algorithm for enhancing a security level

in Shopping [122]. Chen et al. (2009) have developed a bind decoding technique

… Ph.D. Thesis by Priyanka Chaudhary 39

 Chapter II
Review of Literature

that contains RSA technique for providing facility to customer in online

purchasing that does not contain transformability of RSA digital signature [123].

A novel lightweight method is developed by Sulatana et al. (2015) for

provenance validation and reorganized at the base station [124]. Halderman et al.

(2005) have described a method that generates safe password by using

cryptographic hash functions for arbitrarily numerous record and user needs to

memorize a small password for recalling. This method fully operates on client

side and no changes are requiring in client side [125]. A method is designed by

Khayal et al. (2009) that operates with password hashing techniques for

generating a secure password [126]. Islam et al. (2008) have described a method

that enhance a level of security via AES methodology and demonstrate the

comparison with Rijndal algorithm in context of key size [127]. A password-based

key derivation function scrypt is defined by Percival et al. (2012) in which the

function obtains more than one secret key from secret string. This method

provides more security against attack with custom hardware depends on memory

hard function [128]. A novel efficient algorithm is known by SHA-192 is

introduced by Lakshmanan et al. (2012) that altered a digital security algorithm

operating with scheduled SHA-192. This method is efficient for various

applications, for example random generator, digital signcryption, message

authentication code, etc. for enhancing the level of security [129]. Malathi et al.

(2011) have suggested a mechanism with some alteration of two different types of

algorithm likewise MV algorithm and Apriori algorithm for identification of crime

patterns. It also applies on the real crime data [130].

… Ph.D. Thesis by Priyanka Chaudhary 40

 Chapter II
Review of Literature

Aburrous et al. (2009) have suggested a technique for e banking phishing

website which consist two different algorithms likewise Fuzzy logic and Data

Mining algorithms [131]. Martino and Perramon (2008) have introduced an

approach for safe operation of a web environment, for easy application with

minimum impact to the present Internet banking structure [132]. Isohara and

Siadati (2011) have introduced a prototype framework and analysis 230

applications and demonstrate how a malicious attack in the unknown applications

can be detected by the system [133].

A network structure have proposed that consist two layer designing by

Gao et al. (2013) to replicate virus propagation via two different technologies such

as Bluetooth and SMS [134]. A novel architecture is designed by Cesare et al.

(2013) which is known as Malwise for classification of malware using two

different technologies first one is fast application level emulator and the second

one is a flow algorithm that is based on graph matching [135]. McRae and

Vaughn (2009) have explained an approach by using two different technologies

such as WEB bugs and honey token with a specific goal to find a phisher to the IP

address of the phisher’s workstation as opposed to innocent machines utilized as

intermediaries [136]. An effective method is defined by Fu. et al. (2006) for

identifying a phishing web page that uses Earth mover's distance (EMD) [137].

Mobile based anti-phishing method has introduced by Memon et al. (2013) that

use mid-range mobile phones and provide protection of financial losses by

creating three types of indications is known as vibration, flashing and text alert

based warning [138]. Smart device is introduced by Han et al. (2007) for phishing

detection which pre-collect login user interface information [139]. Sharfi and

… Ph.D. Thesis by Priyanka Chaudhary 41

 Chapter II
Review of Literature

Siadati (2008) have described an Anti-Phishing Authentication technique that

provide facility for identifying and protection from real time phishing attacks

which uses two different methods likewise two way authentication and zero-

knowledge password proof [140]. A phishing detection strategy is introduced by

Afroz et al. (2009) is named as PhishZoo that uses fuzzy hashing techniques for

providing protection from phishing [141]. A technique has introduced by Dunlop

et al. (2010) provide protection from phishing with high probability that contains

different approaches such as capturing of image and next optical character

recognition for changing the image into a text and after that use page ranking

algorithm [142]. Mafario et al. (2015) have designed a personalized security

indicator from the protection of phishing attack in term of mobile [143]. Wu et

al. (2016) have introduced a new mobile platform based anti phishing technique is

known as MobiFish that verify the validation of an application of web page and

show the comparison with an actual identity with the claimed identity

[144]. Cooley et al. (2014) have introduced an approach that expresses security

vulnerability in the context of the android platform [145]. Buber et al. (2017) have

introduced a model that uses Natural Language Processing are the part of data

mining technique, the objective of this model analysis the URLs in phishing attack

[146]. Shirazi et al. (2017) have proposed architecture for phishing website,

named “Fresh Phish”. This architecture does not consider only part of accuracy, it

also how long it takes to prepare architecture [147]. Futai et al. (2016) have

proposed a phishing detecting approach that is based on Graph Mining with Belief

Propagation [148].

… Ph.D. Thesis by Priyanka Chaudhary 42