Sharif Digital Repository

The security and convenience of digital payment methods have made them an essential part of people's daily lives. As a result, the possibility of using these methods in an offline environment without the need to communicate with the payment service provider is of great importance. To make this possible, a digital currency system should enable users to securely control their assets without the help of an intermediary and act according to established laws to combat financial crimes. Otherwise, this system will not be usable by the public or on a large scale. To solve this problem, a scheme with the possibility of offline payment by customers, prevention and detection of double spending by... 

The widespread use of the Android operating system has made it an attractive target for attackers. In the field of malware identification and mitigation, the use of machine learning methods has seen significant advancements due to their ability to identify unknown malware. One of these methods is graph-based techniques in constructing malware detection systems, which have achieved high success rates in identifying malware. However, machine learning methods suffer from the vulnerability of being misled by adversarial examples. One important aspect in both malware detection systems and adversarial attacks is the limitations imposed on software modification. Any changes made to the application... 

Attacks on Android devices often take the form of repackaging. Attackers change a well-known app that has been downloaded from the app store, reverse engineer it, add some malicious payloads, and then upload the modified app to the app store. Because it is difficult for users to distinguish between the changed app and the original app, users can be easily duped. The malicious code inside the modified apps can launch attacks after they are installed, typically in the background. There are so many repackage detection method proposed during last years of researches in this area. developing an approach to detect android repackaged application should contains two main goal, speed and accuracy of... 

With the growing trend of IoT, especially in critical areas like health system and city management, and the expectations of even higher growth with the advent of 5G networks, the security and preserving of users' privacy in IoT has gained significant importance. Anomaly detection is one of the approaches to monitor IoT devices which enables the identification of anomalous behaviors. This anomalous behavior could indicate malware infection, physical malfunctions, or tampering.Deep learning has been a common approach for anomaly detection for the past few years. The solutions are mostly suggested in a special purpose manner and because they are based on a particular deep learning model, they... 

In recent years, one of the research interests is ensuring the integrity of computations done on data received from multiple data sources. Limited research has been done to ensure the integrity of computations that the output depends on data generated by different data sources. However, there are many solutions for systems that the input data is generated by a single data source. In this thesis, ensuring the integrity of multi-source aggregate functions and general functions are investigated in an untrusted server. To verify the integrity of aggregate functions, first of all, we present a construction for verifying the results of linear functions using the RSA signature. It should be noted... 

With the increasing use of mobile smartphones, securing the information and protecting the mobile users’ privacy is one of the important subjects in this context. Android, as one of the most popular operating systems for smartphones, uses strategies to provide system security and user privacy; one of these strategies is permission system. Applications should get permissions from users to access their sensitive data. Most related researches and the android itself, focuses on granting or revoking permissions to the program in a way that it doesn’t misuse the user’s sensitive data, but most of the time, the purpose of accessing data is not obvious and the user doesn’t have enough knowledge... 

Today, smart devices have become an integral part of everyday life. The Android operating system is also the most popular operating system of these devices, and as a result, various malwares are produced and distributed for this operating system every day. This makes it especially important to investigate these malwares. This includes finding people involved in the development and distribution of malware, as well as discovering other malwares created by them. Discovering other involved entities, such as social media accounts, websites, Android store accounts, and taking steps to prevent malware from being distributed by them is another aspect of this story. In order to deal with organized... 

Advanced Persistent Threats (APTs), use hybrid, slow, and low-level patterns to leak and exfiltrate information, manipulate data, or prevent progression of a program or mission. Since current intrusion detection systems (IDSs) and alert correlation systems do not correlate low-level operating system events with network events and use alert correlation instead of event correlation, the intruders use low and hybrid events in order to make detection difficult for such detection systems. In addition, these attacks use low and slow patterns to bypass intrusion detection and alert correlation systems. Since most of the attack detection approaches use a short time-window, the slow APTs abuse this... 

The expansion of technology and the increasing use of mobile devices and smartphones have aected various aspects of personal and social life. These include the use of personal mobile devices in enterprise environments called BYODs have a number of positive and negative eects. On the one hand, it would be more cost-eective for an organization or business environment for users to use their own devices, but on the other hand, it poses numerous security and information challenges that are important to manage. These include disrupting the user’s privacy or disseminating organization information to personal devices and thus violating the organization’s security policies. In this study, a model is... 

Developing an android application from scratch is a time-consuming and expensive process, but modifying an existing and similar application is much easier. Modifying an android application, which is called repackaging, is done for different purposes. Cracking non-free android applications, modifying advertising libraries code, adding malicious payload to benign ones and redistributing known malwares are some of the important purposes. Existing methods for confronting android application repackaging can be divided into three categories: 1) based on comparing with the original application, 2) based on changing the original application, 3) based on changing the android platform. Methods in the... 

Smart grids are the new generation of power grids that combine the power distribution grid with the communications network. The purpose of these networks is to create a secure, two-way infrastructure for the transmission of power and information. The complex structure of smart grids, along with the inherent vulnerabilities of physical systems, old devices and protocols on the network and the need for backward compatibility, have created serious cyber risks to critical assets and infrastructures. The difference between these types of networks and conventional computer networks has made the security mechanisms developed in conventional computer networks not very suitable for these types of... 

The long-term Attacks are some special multi-level attacks which remain inside of systems for a long time to finally perform the damage. One of the most famous kinds of these attacks is Advanced Persistent Threats. These kinds of attack are low-level, distributed inside of the network and their goal is stealing information or corrupting a process in the organization. Banks are one of the most vulnerable organizations which have suffered from these attacks, so the main purpose of this research is detecting them and give warning to the security admin. The goal of financial APTs is stealing money and to achieve that, they have to create some transactions and send them to the core banking. We... 

Due to increasing web-based attacks against web applications and inefficiency of intrusion detection and prevention systems for detecting and preventing web attacks in the application layer, web application firewalls (WAF) developed to deal with this problem. There are most common attacks affecting today’s web applications like SQL Injection (SQLi), Cross-Site Scripting (XSS) and Logical attacks. The Logical attack focuses on the abuse or exploitation of a web application’s logic flow, and unlike SQLi and XSS, it depends on the web application functionality. Nowadays, there are a lot of methods for designing a WAF which are divided into two categories: Signature-based and Anomaly-based... 

Advanced Persistent Threats (APTs) by multi step , low-level and sometimes slowmoving behaviors try to hiding malicious behaviors. These attacks are complex, costly and the attacker violates the security policy explicitly or implicitly by distributing his or her behavior to multi agents and infiltrate trusted subjects. One of the challenges is the discovery of these attacks in the early stages of the attack and before the complete violation of confidentiality. the lack of deep intercepting of events, content with intrusion detection systems warnings, the lack of simultaneous tracking of host and network-level events and the lack of real-time processing is limitations of existing detection... 

In electronic health, data is stored and retrieved electronically at the local or national level for clinical, educational and administrative purposes. The importance of data from citizens, patients, professionals and providers of healthcare and policy-makers points of view make it a valuable asset. In recent years, we confront the emergence of the Internet of Things and its widespread use in electronic health. In this area, health sensors such as a heart rate sensor, a blood glucose sensor, or a respiratory sensor provide information about each person that can be sent through the network to the physician. Such a continuous remote monitoring allows physicians to take better care of patients... 

In recent years, the increase in the pace of data generation and costs of maintaining personal servers resulted in the demands for cloud-based services. Map-Reduce model is a programming model for parallel computations in distributed environments such as public clouds. While this model facilitates the process of big data for customers, there are concerns that the integrity of computation is violated since cloud owners are motivated to reduce the costs. To solve this problem, different approaches are proposed in four general categories which there are constraints and flaws in each of them. These four categories are such as based on replication, watermarking, report analysis and based on... 

The rapid growth of Android operating system alongside its open-source nature has made it as the most popular operating system of mobile devices. On the other hand, regarding the increasing computational power of mobile devices, a wide variety of applications are coming to this type of devices. Meanwhile unfortunately many malicious softwares trying to keep up with other applications, are targeting this popular operating system. Therefore with regard to the fact that this type of devices usually store private and sensitive information of their users, security of mobile operating systems is considered very important. Having this matter in mind, the goal of this research work has been... 

Privacy preserving data mining helps organizations and companies not only to deal with privacy concerns of customers and regular limitations, but also to benefit from collaborative data mining. Utilizing cryptographic techniques and secure multiparty computation (SMC) are among widely employed approaches for preserving privacy in distributed data mining. The general purpose of secure multiparty computation protocols to compute specific functions on private inputs of parties in a collaborative manner and without revealing their private inputs. Providing rigorous security proof of secure multiparty computation makes it a good choice for privacy preservation, despite of its cryptographic... 

Protecting sensitive data stored in database systems, especially in outsourced ones, has become a major concern in many organizations. One of the main possible solutions is to encrypt data before storing them on databases. Bucket-based encryption is among different approaches proposed to accomplish this goal which besides its various benefits, suffers from generating false-positive results. Multi-join queries are one of the most important operations in database systems and their usage grows rapidly in comparison to other types of queries by increasing the size of stored information. While using the decision support systems and data mining solutions are growing continuously, executing... 

An important class of applications which have been rapidly growing recently is the one that create and use time series data. These types of data sets are ordered based on the timestamps associated to their data items. In practice, traditional relational databases are unable to satisfy the requirements of these data sets; however, NoSQL databases with column-wide data structure are appropriate infrastructure for them. These databases are very efficient in read and write operations (especially for time series data, which are ordered) and are able to store unstructured data. Time series data may contain valuable and sensitive information; hence, they should be protected from the information...