Malware poses one of the most serious threats to computer information systems. The current detection technology of malware has several inherent constraints. Because signature-based traditional techniques embedded in commercial antiviruses are not capable of detecting new and obfuscated malware, machine learning algorithms are applied in identifing patterns of malware behavior through features extracted from programs. There, a method is presented for detecting malware based on the features extracted from the PE header and section table PE files. The packed files are detected and then unpacke them. The PE file features are extracted and their static features are selected from PE header and section tables through forward selection method. The files are classified into malware files and clean files throughs different classification methods. The best results are obtained through DT classifier with an accuracy of 98.26%. The results of the experiments consist of 971 executable files containing 761 malware and 210 clean files with an accuracy of 98.26%.

For decades, the structure of existing power grids has not changed. It is an old structure that depends heavily on fossil fuel as an energy source, and in the future, this is likely to be critical in the field of energy. To solve these problems and to make optimal use of energy resources, a new concept is proposed, called Smart Grid. Smart Grid is an electric power distribution automation system, which can provide a two-way flow of electricity and information between power plants and consumers. The Smart Grid communications infrastructure consists of different network components, such as Home Area Network (HAN), Neighborhood Area Network (NAN) and Wide Area Network (WAN). Achieving the required level of reliability in the transmission of information to all sections, including the HAN, is one of the main objectives in the design and implementation of Smart Grid. This study offers a routing protocol by considering the parameters and constraints of HAN, which, by improving AODV routing protocol, achieves the level of required reliability for data transmission in this network. These improvements include: making table-driven AODV routing protocol, extending the routing protocol to compute multiple paths in a route discovery, simplification and providing the effect of HAN parameters. The results of the NS2 simulation indicate that applying this improved routing protocol in the HAN, satisfies the required level of reliability of the network, which is over 98%.

Today, information collectors, particularly statistical organizations, are faced with two conflicting issues. On one hand, according to their natural responsibilities and the increasing demand for the collected data, they are committed to propagate the information more extensively and with higher quality and on the other hand, due to the public concern about the privacy of personal information and the legal responsibility of these organizations in protecting the private information of their users, they should guarantee that while providing all the information to the population, the privacy is reasonably preserved. This issue becomes more crucial when the datasets published by data mining methods are at risk of attribute and identity disclosure attacks. In order to overcome this problem, several approaches, called p-sensitive k-anonymity, p+-sensitive k-anonymity, and (p, α)-sensitive k-anonymity, were proposed. The drawbacks of these methods include the inability to protect micro datasets against attribute disclosure and the high value of the distortion ratio. In order to eliminate these drawbacks, this paper proposes an algorithm that fully protects the propagated micro data against identity and attribute disclosure and significantly reduces the distortion ratio during the anonymity process.

Alert correlation is the process of analyzing, relating and fusing the alerts generated by one or more Intrusion Detection Systems (IDS) in order to provide a high-level and comprehensive view of the security situation of the system or network. Different approaches, such as rule-based, prerequisites consequences-based, learning-based and similarity-based approach are used in correlation process. In this paper, a new AIS-inspired architecture is presented for alert correlation. Different aspects of human immune system (HIS) are considered to design iCorrelator. Its three-level structure is inspired by three types of responses in human immune system: the innate immune system's response, the adaptive immune system's primary response, and the adaptive immune system's secondary response. iCorrelator also uses the concepts of Danger theory to decrease the computational complexity of the correlation process without considerable accuracy degradation. By considering the importance of signals in Danger theory, a new alert selection policy is introduced. It is named Enhanced Random Directed Time Window (ERDTW) and is used to classify time slots to Relevant (Dangerous) and Irrelevant (Safe) slots based on the context information gathered during previous correlations. iCorrelator is evaluated using the DARPA 2000 dataset and a netForensics honeynet data. Completeness, soundness, false correlation rate and the execution time are investigated. Results show that iCorrelator generates attack graph with an acceptable accuracy that is comparable to the best known solutions. Moreover, inspiring by the Danger theory and using context information, the computational complexity of the correlation process is decreased considerably and makes it more applicable to online correlation.

Alert correlation is a process that analyzes the alerts produced by one or more intrusion detection systems and provides a more succinct and high-level view of occurring or attempted intrusions. Several alert correlation systems use pairwise alert correlation in which each new alert is checked with a number of previously received alerts to find its possible correlations with them. An alert selection policy defines the way in which this checking is done. There are different alert selection policies such as select all, window-based random selection and random directed selection. The most important drawback of all these policies is their high computational costs. In this paper a new selection policy which is named Enhanced Random Directed Time Window (ERDTW) is introduced. It uses a limited time window with a number of sliding time slots, and selects alerts from this time window for checking with current alert. ERDTW classifies time slots to Relevant and Irrelevant slots based on the information gathered during previous correlations. More alerts are selected randomly from relevant slots, and less or no alerts are selected from irrelevant slots. ERDTW is evaluated by using DARPA2000 and netforensicshoneynet data. The results are compared with other selection policies. For LLDoS1.0 and LLDoS2.0 execution times are decreased 60 and 50 percent respectively in comparing with select all policy. While the completeness, soundness and false correlation rate for ERDTW are comparable with other more time consuming policies. For larger datasets like netforensicshoneynet, performance improvement is more considerable while the accuracy is the same.