Proceedings of the Second International Conference on Electronics and Renewable Systems (ICEARS-2023).

IEEE Xplore Part Number: CFP23AV8-ART; ISBN: 979-8-3503-4664-0

Advanced Machine Learning Approach for

Suspicious Coded Message Detection using Enigma
Cipher
2023 Second International Conference on Electronics and Renewable Systems (ICEARS) | 979-8-3503-4664-0/23/$31.00 ©2023 IEEE | DOI: 10.1109/ICEARS56392.2023.10085339

Syed Hussain
Computer science and Engineering Dr. Pakkir Mohideen S
Department Computer Application Department
B.S Abdur Rahman Crescent B.S Abdur Rahman Crescent
institute of science & Technology institute of science & Technology
Chennai, India Chennai, India
[email protected] [email protected]

Abstract— Framework to avoid global crime especially
terrorist attacks, bomb blasts, and drone attacks all major and
minor attacks with the help of SCMD (S uspicious
Cryptographic Message Detection) such as cryptanalysis of
S MS or any messaging system. When the server received a
suspicious encrypted message, the proposed framework will
decrypt the suspicious message and facilitate in predicting the
crime, criminal name, location, and criminal details and report
to the electronic crime agency. To date, no proper solution to
avoid such a big crime as the world is facing problems still
today along with this machine learning technique, Artificial
Intelligence and semantic web ontology and Cryptanalysis of
Enigma Cipher. Terrorists communicate with their teammates
in different locations of the world and instruct with resources
to attack the government or public while communicating they
use the encrypted message to maintain secrecy. Our
framework at the server site will detect encrypted messages
and decrypt them with the help of Cryptanalysis of Enigma
Cipher techniques. The framework will decrypt a suspicious
message and expedites predicting the type of crime from
microblogs before it gets executed by criminals. Details of
criminals will be alerted to cybercrime the department that
reduces the tension for the various security departments.
Criminals use an encrypted message to pass activity among
teammates who may be in living in any corner of the World
and other people may decrypt and convert it to plain text and
takes action.
Keywords— Cryptography, cryptanalysis, encryption, decryption,
Machine Learning; Statistical natural language processing
(SNLP); Social networking with instant messengers;
Association rule mining (ARM); Suspicious message detection
system; SMDs.
I. INT RODUCT ION
The Recent terrorist attacks on a Sri Lan kan church, a
New Zea land mosque, and Indian cities, as well as other
criminal acts, must be considered as a serious issue. The
existing terrorism detection systems fail to spot similar
attacks. This research work has attempted to create a system
to help in the imp lementation of assaults by utilizing a
variety of co mmunication mechanisms among attackers.
Since the attacker may employ mu ltilingual communications
when communicating, a mu ltilingual message detection
system needs to be designed. The proposed framework
quickly discovers the accused before they commit a crime
and alerts law enforcement, hence reducing crime in society.
The advent of the internet led to (evoked) the emergence
of never-ending digital crime. Cu lprits use cellular phones,
instant messengers, and Social Networking Destinations to
send suspicious text messages, which may be quite strict in
following their unlawful operations. Many examp les of
criminality through social networking have been reported. To
find criminals, the E-crime Agency should be adlibbed with
advances in technology. The majority of instant messaging
systems (IMS) are built by defin ing their message, video, and
sound conferencing limits. Many cases were reported in
which people communicated in different languages during
the assault season, but E-crime departments are not fully
prepared to detect online multilingual suspicious messages.
Digital offence drills are spreading globally. The CIA, FBI,
and other government agencies are efficiently acquiring
digital data relating to crime and distant knowledge data to
predict future cyber-attacks. (Shrestha & Spezzano, 2019).
II. LIT ERAT URE SURVEY
An understandable communication can be made
unintelligible using cryptography's concepts and techniques,
and subsequently that message can be transformed into its
initial form. Plaintext The initial understandable message
Coded text .
A. Cryptanalysis of Enigma Cipher
The Germans employed the Enig ma encryption as a field
cypher in World War II. One of the more well-known
ancient encryption devices is the Enigma. There were various
other Enig ma variants developed, but the German military
type is the one that most criminals utilise for their wicked
deeds.(Bouchaudy, 2021) (Miller, 1995) (Bruen et al., 2021).
B. The Task
The rotors and their arrangement, the 3 letter indication
settings, the 3 letter ring settings, and the plug board settings
all make up the Enig ma cypher's key space. There are a total
of 60*26*6 = 18,534,946,560 d ifferent configurations,
including the 263 indication settings, 263 ring settings, and
10 co mbinations of 5 rotors (each of which can have 6
permutations of order). Additionally, the plug board settings
add an enormous amount of additional variants. Assuming
that the plug board settings are ignored in this scenario,
solving the ensuing issue is significantly simpler.
The art icles cited above make use of the fact that the
plug board and ring settings can be established independently
of the rotor order and indicator settings. Breaking down the

979-8-3503-4664-0/23/$31.00 ©2023 IEEE 800

Authorized licensed use limited to: VIT-Amaravathi campus. Downloaded on February 21,2025 at 09:37:38 UTC from IEEE Xplore. Restrictions apply.
 Proceedings of the Second International Conference on Electronics and Renewable Systems (ICEARS-2023).
IEEE Xplore Part Number: CFP23AV8-ART; ISBN: 979-8-3503-4664-0

rotor order and indication settings is the first step in g reatly

reducing the total complexity. The first phase is the most
computationally demanding one, requiring 60*263
decryptions. The following En ig ma message can be
deciphered:

XTZHZWXXLIIHFVNDYTSQ

This message is 20 characters long. While obtaining the ideal

parameters, this study will rely on quad ram statistics as a
fitness function.
Fig. 1. The decrypted plain text is as follows BLAST AT A PUBLIC
C. Determining the Rotor Order GARDEN
For all conceivable comb inations of indicator settings,
the initial step is to attempt decoding the cypher text with B. Flowchart 1: Suspicious Cryptographic Message
each rotor combination and rotor sequence. For the C code Detection:
supplied below, this takes around 20 seconds and 60*203
decryptions. At first, we suppose that the ring settings are,
for instance, "AAA." Although we can nearly always prove
this presumption incorrect, we can still determine the rotor
order.
The greatest outcome so far came fro m decrypting the
message using rotors "123" and every available indication
setting.
1) BLAST AT A PUBLIC GARDEN,
which is -411.859955 fit. This is a significant
improvement in fitness, as substantial portions of what seems
to be plaintext do actually show through. This remains the
highest-scoring decryption after examining all potential
rotors and indicators, so we proceed to the follo wing section,
Determining the Ring Settings.
We want to determine the ring settings using the optimal
rotor and indicator settings from the previous section. Since a
poor ring setting on the centre rotor would often damage
more output characters than a fast rotor (the one on the
Fig. 2. Flow chart 1: When the conversation starts server gets decrypted
right), we test each potential ring setting there first. Since it
micro blogs, with the help of Cryptanalysis of Enigma technique micro-
has no impact on encryption, the ring setting of the slowest blog get cryptanalyses and decrypt the message to plain text and forwarded
rotor does not need to be altered. Only 26 ring/indicator to filter.
settings must be tried for each rotor since the rotors must
remain aligned with the recovered indicator setting. As a IV. THE A RCHIT ECT URE OF ENCODER A ND DECODER
result, as the rings are moved, the trial indicator setting for
each rotor is moved in the same way. To rate the candidates,
we once more turn to quad ram statistics. Only 262 = 676
options need to be tested, which makes the procedure quite
rapid. Following is the highest-scoring decryption: (Prasad &
Kumari, 2020) Bouchaudy (2021).

III. ENIGMA CIPHER A LGORIT HM

1. The position of the rotors
2. The initial positions for the rotor
3. Ring mountings
4. The plug board configurations
A. Cryptanalysis of Enigma Cipher implementation
Fig. 3. Encoder and Decoder Architecture

979-8-3503-4664-0/23/$31.00 ©2023 IEEE 801

Authorized licensed use limited to: VIT-Amaravathi campus. Downloaded on February 21,2025 at 09:37:38 UTC from IEEE Xplore. Restrictions apply.
 Proceedings of the Second International Conference on Electronics and Renewable Systems (ICEARS-2023).
IEEE Xplore Part Number: CFP23AV8-ART; ISBN: 979-8-3503-4664-0

V. ST EPS INVOLVED IN T HE PROPOSED ALGORIT HM Rajaman i, 2012), (Access the GTD | GTD, n.d.)(Mohammed
Flow Chart 2: SPD Mahmood Ali & Rajamani, 2013),

As received input from a sender, it detects the

cryptographic words using the Enig ma cypher algorithm if
not detected process stops if detected then cryptanalysis by
Enig ma cypher is converted into plain text and forwarded to
filter the message.
In the second step, unwanted words are removed by using
filters fro m the messages in this process we will identify
suspicious words with the help of algorithm 2. The resultant
detected words are stored in TPDB for the next process
(Mohammed Mahmood Ali & Rajaman i, 2013)(Rajamani et
al., n.d.)

Fig. 5. Internal Mapping Of cryptographic Suspicious Messages Detection

VI. SUMMARY OF PROPOSED SYST EM:

In this article, the authors seek to propose a framework
that would help in the execution of attacks a foretime
through the various communication methods among the
attacker process start with the first conversation between
criminals will detect language, secondly translate
mu ltilingual conversation to the English language, thirdly
words are filtered, fourthly suspicious words are compared
with pre-defined rules and mult ilingual word net synonyms,
fifthly criminal are tracked by Metadata.

VII. EXPERIMENT AL A NALYSIS

62
Fig. 4. 60
Flow Chart 2: Suspicious pattern detection
58
If suspicious words are found, the message is considered 56
.
to be suspicious, as given in Table I set of suspicious words 54
(SSWDB) in rule 1. KDB has a record of detected stem 52
words with domain and which kind of activity has been 50
performed and metadata help to track the sender and receiver
Murder Fraud Extortion
email id of suspicious word belongs(Mohammed Mah mood
Ali & Rajamani, 2013) (Rajamani et al., n.d.)
Fig. 6. Comparative analysis of three domain
While creating an email id the details like contact number
name age, sex, and all details are stored in EDB and can be Murder, Fraud, Extort ion the domain murder has the highest
accessed with the help of the Relational Wrapper precision value of 60.00 of domain murder > Hence, it maps
Algorithm(Mohammed Mahmood Ali & Rajamani, 2013) to a suspicious word database.
(Rajamani et al., n.d.).
VIII. EXPERIMENT AL RESULT S
The suspicious email id account holder is traced by IP-
To evaluate our proposed system we use precision(Shiri,
Address, and ISP location by a program (R2D Wrapper)
2004) Matrics efficiency of suspicious words extracted only
which generates a report by using an algorithm(Mohammed
on two factors one is precision and another is a recall
Mahmood Ali & Rajamani, 2013) (Rajamani et al., n.d.).
The final report consists of details of criminals with IP Precision =
addresses, ISP, and Email address details according to the
report crime department can take action under their
corresponding act(Mohammed Mahmood Ali & Rajamani,
Recall =
2013),(Rajamani et al., n.d.)
(Mohammed Mahmood Ali et al., 2014) (Mohammed For the domain murder we received a database from
Mahmood Ali & Rajamani, 2013) (Rajamani et al., GTD(Global Terrorisms Database)(Access the GTD | GTD,
n.d.)(Jadhao & Agrawal, 2016), (Mohd Mahmood Ali & n.d.) the most famous database records of terrorists and
criminals all over the world with the latest to 2018 this is the

979-8-3503-4664-0/23/$31.00 ©2023 IEEE 802

Authorized licensed use limited to: VIT-Amaravathi campus. Downloaded on February 21,2025 at 09:37:38 UTC from IEEE Xplore. Restrictions apply.
 Proceedings of the Second International Conference on Electronics and Renewable Systems (ICEARS-2023).
IEEE Xplore Part Number: CFP23AV8-ART; ISBN: 979-8-3503-4664-0

updated version to date it consists of 191465 ro ws, size 90 [3] Ali, Mohammed Mahmood, & Rajamani, L. (2013). Framework for
MB its codebook can be downloaded with this below link. surveillance of instant messages. International Journal of Internet
Technology and Secured Transactions, 5(1), 18–41.
we can get a complete picture of a terrorist attack or any https://doi.org/10.1504/IJITST.2013.058292
criminal activity by using the following database we analyze [4] Ali, Mohd Mahmood, & Rajamani, L. (2012). APD: ARM deceptive
our system and compare our work with previous system phishing detector system phishing detection in instant messengers
Comparison table is shown below. using data mining approach. Communications in Computer and
Information Science, 269 CCIS(PART I), 490–502.
TABLE I. OUTP UT OBTAINED FROM DOMAIN EXP ERT DATA GT D https://doi.org/10.1007/978-3-642-29219-4_56
[5] Bouchaudy, J.-F. (2021). Enigma: the spoils of Gustave Bertrand, or
Term Proposed “par où tout a commencé.” Cryptologia, 45(4), 309–341.
https://doi.org/10.1080/01611194.2020.1736205
system
[6] Bruen, A., Forcinito, M., & McQuillan, J. (2021). Classical Ciphers
output and Their Cryptanalysis. Cryptography, Information Theory, and
Total 1860 Error‐ Correction, 21–45.
https://doi.org/10.1002/9781119582397.CH2
correctly [7] CHC Global & START – Terrorism Data. (n.d.). Retrieved June 8,
extracted 2021, from https://gtd.terrorismdata.com/
[8] Jadhao, A. R., & Agrawal, A. J. (2016). A digital forensics
Extracted 1704 investigation model for social networking site. ACM International
correctly Conference Proceeding Series, 04-05-Marc, 3–6.
https://doi.org/10.1145/2905055.2905346
Total 1792 [9] Miller, A. R. (1995). The cryptographic mathematics of enigma.
number Cryptologia, 19(1), 65–80. https://doi.org/10.1080/0161-
of words 119591883773
[10] Rajamani, L., Ali, M. M., & Rasheed, M. A. (n.d.). OSMD : Online
possible Suspicious Message Detection Framework for Instant Messaging
Precision 95.08% Systems. 380–385.
[11] Shrestha, A., & Spezzano, F. (2019). Online misinformation: From
Recall 91.61% the deceiver to the victim. Proceedings of the 2019 IEEE/ACM
Here dataset was utilized by generous brainstorming International Conference on Advances in Social Networks Analysis
sessions and for domain experts using GTD. and Mining, ASONAM 2019, 847–850.
https://doi.org/10.1145/3341161.3343536
IX. OBSERVAT ION [12] Tellis, P., & Deepika, N. (2015). Expert System to Detect Suspicious
Words in Online Messages for Intelligence Agency Using FP-growth
It is observed that the Enig ma cypher algorithm is unable Algorithm. 4(7), 103–108.
to detect properly for few suspicious words due to noisy data [13] BramahHazela, J. Hymavathi, T. Rajasanthosh Kumar, S. Kavitha, D.
it can be improved by filtering data it is also identified when Deepa, Sachin Lalar, Prabakaran Karunakaran, "Machine Learning:
Suspicious few words are not exactly matched for such kind Supervised Algorithms to Determine the Defect in High-Precision
of case Rule 3(for undetected words) is applied, It is Foundry Operation", Journal of Nanomaterials, vol. 2022, Article ID
1732441, 9 pages, 2022. https://doi.org/10.1155/2022/1732441
observed that few words are common in many domains such
as location, money for this min imu m threshold value is [14] Access the GTD | GTD. (n.d.). Retrieved April 27, 2020, from
https://www.start.umd.edu/gtd/access/
calculated using GHSL algorithm(Mohammed Mahmood Ali
[15] Miller, A. R. (1995). The cryptographic mathematics of enigma.
et al., 2014) for such cases expert interface is necessary. Cryptologia, 19(1), 65–80. https://doi.org/10.1080/0161-
119591883773
X. FUT URE W ORK AND CONCLUSION
We present a simple solution to the entire world facing
problems with terrorist attacks, extortion, fraud, murder, and
all criminal activity. There was no proper solution for
detecting suspicious cryptographic messages till our
proposed system. The drawback in our system is to improve
precision and decrease recall percentage, detecting criminals
around the globe with the help of enigma cypher
cryptanalysis and reducing crime. This system should be
improved for the detection of all possible languages. The
encrypted words cryptanalysis then convert to plain text then
mapping suspicious words by using our pre-defined database
and GTD(CHC Global & START – Terroris m Data, n.d.)
comparing with suspicious word SSWD if found checking
the profile of the sender and reporting to the e-crime
department.

References
[1] Access the GTD | GTD. (n.d.). Retrieved April 27, 2020, from
https://www.start.umd.edu/gtd/access/
[2] Ali, Mohammed Mahmood, Mohammed, K. M., & Rajamani, L.
(2014). Framework for surveillance of instant messages in instant
messengers and social neworking sites using data mining and
ontology. IEEE TechSym 2014 - 2014 IEEE Students’ Technology
Symposium, 297–302.
https://doi.org/10.1109/TechSym.2014.6808064

979-8-3503-4664-0/23/$31.00 ©2023 IEEE 803

Authorized licensed use limited to: VIT-Amaravathi campus. Downloaded on February 21,2025 at 09:37:38 UTC from IEEE Xplore. Restrictions apply.