Volume 4, Issue 12, December 2012

Assessment of Potential SQL Injection Threat into the Design Phase

S. Hedayatpour and S. Chuprat

Different statistical reports show a rapid increase in the number of security incidents caused by malicious software and software bugs. In facing security threats, static and dynamic analysis tools address the main security features and have been used for years, but unfortunately there is still a big problem in dealing with these tools: the cost of fixing all types of errors in implemented software is several times more than the cost of fixing errors at the design level. This research provides a new method of security analysis based on known properties and behaviors of the SQL injection attack to enhance the security resistance of the developing software against this attack. This security analysis provides valuable information for developers and helps them to improve the resistance of the developing software against SQL injection in the early phase of software design.

Keywords: security incidents, security threat, security analysis, security resistance, SQL injection, software design, risk assessment

When Do Refactoring Tools Fall Short

Muhammad Taimur Khan and Javed Ferzund

Refactoring is the process of transforming code while preserving its behavior, to make it more maintainable and to improve its design. A particular refactoring is identified by a specific name, some preconditions and a set of needed transformations. Refactoring is a nontrivial and time-consuming task because a lot of preconditions may need to be evaluated and transformations may affect a number of code locations. So, efficient and reliable tool development for refactoring is needed. A number of tools have been developed, but analysis of these tools in terms of refactoring support and application to real projects is lacking. In this paper we present an empirical study to show the extent of refactoring provided by the major refactoring tools available to date. We evaluate the performance of famous refactoring tools by applying them to large, real projects. It is found that most of the tools fall short in application of various refactoring types on large projects.

Keywords: Empirical Studies, Refactoring Tools, Software Metrics, Software Refactoring

Overflow Detection Scheme in RNS Multiplication Before Forward Conversion

M. I. Daabo and K. A. Gbolagade

Overflow detection is one of the major issues that preclude Residue Number System (RNS) usage in general purpose computing. Contemporary authors have presented various schemes that rely on either the Chinese Remainder Theorem (CRT) or the Mixed Radix Conversion (MRC). This paper presents an overflow detection scheme in RNS multiplication before forward conversion. [...] Our proposal is a multiplicative overflow detector, which does not require computations involving the use of the time-consuming CRT or MRC. The newly proposed scheme utilizes fewer modulo computations and hence has the advantage of having a smaller hardware architecture with less delay.

Keywords: Residue Number System, Multiplicative overflow detector, Dynamic Range, CRT, MRC

Prioritization of Detected Intrusion in Biometric Template Storage for Prevention using Neuro-Fuzzy Approach

Maithili Arjunwadkar and R. V. Kulkarni

The biometric authentication process is vulnerable to attacks, which can reduce its security. To enhance the security of the biometric process, intrusion detection and prevention techniques are significantly useful. In this paper, a Neuro-Fuzzy approach is used to decide priorities for detected intrusions in biometric template storage to implement preventive actions. A Neuro-Fuzzy approach is used. We used FuzzyJess and Java to achieve this prioritization. A priority table is produced as output, which is useful to the security administrator for implementing preventive actions for detected intrusions in biometric template storage.

Keywords: Biometric template, intelligent agent, Java Expert System Shell (JESS), FuzzyJess, fuzzy logic

An Approach to Linear Spatial Filtering Method based on Anytime Algorithm for Real-time Image Processing

Wyne Wyne Kywe and Kazuhito Murakami

A real-time image processing system requires not only correct output but also imperfect yet timely output that satisfies its deadline. There is still the problem of how to realize an imperfect but usable result within the available processing time. In order to solve the above problem, this paper proposes an approach to an image enhancement method in the spatial domain based on convolution and the concept of the anytime algorithm for real-time image processing systems. First, we construct sub-masks by dividing the filter mask. Then, we evaluate the anytime spatial function according to the concept of the anytime algorithm for the outputs of linear spatial filtering. In order to produce the intermediate results, some image enhancement tasks such as noise reduction, edge detection and sharpening are performed by these sub-masks step by step. The combination of the above image enhancement tasks can also be performed by giving the sub-mask number as a parameter under time restriction. The experimental results show that the intermediate result of each task and the overall result of the combination of the above tasks can be obtained within the available processing time with better image details. This shows the feasibility of our proposed method and that it is useful for real-time image processing systems under time restriction.

Keywords: Anytime algorithm, image enhancement, real-time image processing, spatial filtering

E-mail Classification in An Instance-Based System Using Header Information and Text Mining Techniques

E. ParsaeiMehr, M. Ganj and E. BehroozianNejad

The increasing volumes of unsolicited bulk e-mail, known as spam, are bringing more annoyance to most internet users. Although several machine learning techniques have been proposed, an instance-based system has less false positive error. In this paper we present an instance-based system in which the training spam data set is clustered. Our evaluation shows that this new system not only has as much false positive error as a simple instance-based system, but also has better response time. Furthermore, we analyzed the time field in the header information of e-mails in order to survey whether there is any special pattern in the times at which spammers send spam.

Keywords: Text mining, classification, clustering