Effective digital forensic analysis of the NTFS disk image
- Authors: Alazab, Mamoun , Venkatraman, Sitalakshmi , Watters, Paul
- Date: 2009
- Type: Text , Journal article
- Relation: Ubiquitous Computing and Communication Journal Vol. 4, no. 3 (Special issue on ICIT 2009 Conference - Applied Computing) (2009), p. 551-558
- Full Text: false
- Reviewed:
- Description: Forensic analysis of the Windows NT File System (NTFS) could provide useful information leading towards malware detection and presentation of digital evidence for the court of law. Since NTFS records every event of the system, forensic tools are required to process an enormous amount of information related to user / kernel environment, buffer overflows, trace conditions, network stack, etc. This has led to imperfect forensic tools that are practical for implementation and hence become popular, but are not comprehensive and effective. Many existing techniques have failed to identify malicious code in hidden data of the NTFS disk image. This research discusses the analysis technique we have adopted to successfully detect maliciousness in hidden data, by investigating the NTFS boot sector. We have conducted experimental studies with some of the existing popular forensics tools and have identified their limitations. Further, through our proposed three-stage forensic analysis process, our experimental investigation attempts to unearth the vulnerabilities of NTFS disk image and the weaknesses of the current forensic techniques.
- Description: 2003007525
Applying genetic alogorithm for optimizing broadcasting process in ad-hoc network
- Authors: Elaiwat, Said , Alazab, Ammar , Venkatraman, Sitalakshmi , Alazab, Mamoun
- Date: 2011
- Type: Text , Journal article
- Relation: International Journal of Recent Trends in Engineering & Technology Vol. 4, no. 1 (2011), p. 68-72
- Full Text: false
- Reviewed:
- Description: Optimizing broadcasting process in mobile ad hoc network (MANET) is considered as a main challenge due to many problems, such as Broadcast Storm problem and high complexity in finding the optimal tree resulting in an NP-hard problem. Straight forward techniques like simple flooding give rise to Broadcast Storm problem with a high probability. In this work, genetic algorithm (GA) that searches over a population that represents a distinguishable ‘structure’ is adopted innovatively to suit MANETs. The novelty of the GA technique adopted here to provide the means to tackle this MANET problem lies mainly on the proposed method of searching for a structure of a suitable spanning tree that can be optimized, in order to meet the performance indices related to the broadcasting problem. In other words, the proposed genetic model (GM) evolves with the structure of random trees (individuals) ‘genetically’ generated using rules that are devised specifically to capture MANET behaviour in order to arrive at a minimal spanning tree that satisfies certain fitness function. Also, the model has the ability to give different solutions depending on the main factors specified such as, ‘time’ (or speed) in certain situations and ‘reachability’ in certain others.
Six sigma approach to improve quality in e-services: An empirical study in Jordan
- Authors: Alhyari, Salah , Alazab, Moutaz , Venkatraman, Sitalakshmi , Alazab, Mamoun , Alazab, Ammar
- Date: 2012
- Type: Text , Journal article
- Relation: International Journal of Electronic Government Research Vol. 8, no. 2 (April, 2012), p. 57-74
- Full Text: false
- Reviewed:
- Description: This paper investigates the application of the Six Sigma approach to improve quality in electronic services (e-services) as more countries are adopting e-services as a means of providing services to their people through the Web. This paper presents a case study about the use of Six Sigma model to measure customer satisfaction and quality levels achieved in e-services that were recently launched by public sector organisations in a developing country, such as Jordan. An empirical study consisting of 280 customers of Jordan's e-services is conducted and problems are identified through the DMAIC phases of Six Sigma. The service quality levels are measured and analysed using six main criteria: Website Design, Reliability, Responsiveness, Personalization, Information Quality, and System Quality. The study indicates a 74% customer satisfaction with a Six Sigma level of 2.12 has enabled the Greater Amman Municipality to identify the usability issues associated with their e-services offered by public sector organisations. The aim of the paper is not only to implement Six Sigma as a measurement-based strategy for improving e-customer service in a newly launched e-service programme, but also widen its scope in investigating other service dimensions and perform comparative studies in other developing countries.
Analysis of firewall log-based detection scenarios for evidence in digital forensics
- Authors: Mukhtar, Rubiu , Al-Nemrat, Ameer , Alazab, Mamoun , Venkatraman, Sitalakshmi , Jahankhani, Hamid
- Date: 2012
- Type: Text , Journal article
- Relation: International Journal of Electronic Security and Digital Forensics Vol. 4, no. 4 (2012), p. 261-279
- Full Text: false
- Reviewed:
- Description: With the recent escalating rise in cybercrime, firewall logs have attained much research focus in assessing their capability to serve as excellent evidence in digital forensics. Even though the main aim of firewalls is to screen or filter part or all network traffic, firewall logs could provide rich traffic information that could be used as evidence to prove or disprove the occurrence of online attack events for legal purposes. Since courts have a definition of what could be presented to it as evidence, this research investigates on the determinants for the acceptability of firewall logs as suitable evidence. Two commonly used determinants are tested using three different firewall-protected network scenarios. These determinants are: 1 admissibility that requires the evidence to satisfy certain legal requirements stipulated by the courts 2 weight that represents the sufficiency and extent to which the evidence convinces the establishment of cybercrime attack. Copyright © 2012 Inderscience Enterprises Ltd.
- Description: 2003010400
Hybrids of support vector machine wrapper and filter based framework for malware detection
- Authors: Huda, Shamsul , Abawajy, Jemal , Alazab, Mamoun , Abdollahian, Mali , Islam, Rafiqul , Yearwood, John
- Date: 2016
- Type: Text , Journal article
- Relation: Future Generation Computer Systems Vol. 55, no. (2016), p. 376-390
- Full Text: false
- Reviewed:
- Description: Malware replicates itself and produces offspring with the same characteristics but different signatures by using code obfuscation techniques. Current generation Anti-Virus (AV) engines employ a signature-template type detection approach where malware can easily evade existing signatures in the database. This reduces the capability of current AV engines in detecting malware. In this paper we propose a hybrid framework for malware detection by using the hybrids of Support Vector Machines Wrapper, Maximum-Relevance–Minimum-Redundancy Filter heuristics where Application Program Interface (API) call statistics are used as a malware features. The novelty of our hybrid framework is that it injects the filter’s ranking score in the wrapper selection process and combines the properties of both wrapper and filters and API call statistics which can detect malware based on the nature of infectious actions instead of signature. To the best of our knowledge, this kind of hybrid approach has not been explored yet in the literature in the context of feature selection and malware detection. Knowledge about the intrinsic characteristics of malicious activities is determined by the API call statistics which is injected as a filter score into the wrapper’s backward elimination process in order to find the most significant APIs. While using the most significant APIs in the wrapper classification on both obfuscated and benign types malware datasets, the results show that the proposed hybrid framework clearly surpasses the existing models including the independent filters and wrappers using only a very compact set of significant APIs. The performances of the proposed and existing models have further been compared using binary logistic regression. Various goodness of fit comparison criteria such as Chi Square, Akaike’s Information Criterion (AIC) and Receiver Operating Characteristic Curve ROC are deployed to identify the best performing models. Experimental outcomes based on the above criteria also show that the proposed hybrid framework outperforms other existing models of signature types including independent wrapper and filter approaches to identify malware.
Security and blockchain convergence with internet of multimedia things : current trends, research challenges and future directions
- Authors: Jan, Mian , Cai, Jinjin , Gao, Xiang-Chuan , Khan, Fazlullah , Mastorakis, Spyridon , Usman, Muhammad , Alazab, Mamoun , Watters, Paul
- Date: 2021
- Type: Text , Journal article
- Relation: Journal of Network and Computer Applications Vol. 175, no. (2021), p.
- Full Text:
- Reviewed:
- Description: The Internet of Multimedia Things (IoMT) orchestration enables the integration of systems, software, cloud, and smart sensors into a single platform. The IoMT deals with scalar as well as multimedia data. In these networks, sensor-embedded devices and their data face numerous challenges when it comes to security. In this paper, a comprehensive review of the existing literature for IoMT is presented in the context of security and blockchain. The latest literature on all three aspects of security, i.e., authentication, privacy, and trust is provided to explore the challenges experienced by multimedia data. The convergence of blockchain and IoMT along with multimedia-enabled blockchain platforms are discussed for emerging applications. To highlight the significance of this survey, large-scale commercial projects focused on security and blockchain for multimedia applications are reviewed. The shortcomings of these projects are explored and suggestions for further improvement are provided. Based on the aforementioned discussion, we present our own case study for healthcare industry: a theoretical framework having security and blockchain as key enablers. The case study reflects the importance of security and blockchain in multimedia applications of healthcare sector. Finally, we discuss the convergence of emerging technologies with security, blockchain and IoMT to visualize the future of tomorrow's applications. © 2020 Elsevier Ltd
Hybrids of support vector machine wrapper and filter based framework for malware detection
- Authors: Huda, Shamsul , Abawajy, Jemal , Alazab, Mamoun , Abdollalihiand, Mali , Islam, Rafiqul , Yearwood, John
- Date: 2016
- Type: Text , Journal article
- Relation: Future Generation Computer Systems Vol. 55, no. (2016), p. 376-390
- Full Text: false
- Reviewed:
- Description: Malware replicates itself and produces offspring with the same characteristics but different signatures by using code obfuscation techniques. Current generation Anti-Virus (AV) engines employ a signature-template type detection approach where malware can easily evade existing signatures in the database. This reduces the capability of current AV engines in detecting malware. In this paper we propose a hybrid framework for malware detection by using the hybrids of Support Vector Machines Wrapper, Maximum-Relevance–Minimum-Redundancy Filter heuristics where Application Program Interface (API) call statistics are used as a malware features. The novelty of our hybrid framework is that it injects the filter’s ranking score in the wrapper selection process and combines the properties of both wrapper and filters and API call statistics which can detect malware based on the nature of infectious actions instead of signature. To the best of our knowledge, this kind of hybrid approach has not been explored yet in the literature in the context of feature selection and malware detection. Knowledge about the intrinsic characteristics of malicious activities is determined by the API call statistics which is injected as a filter score into the wrapper’s backward elimination process in order to find the most significant APIs. While using the most significant APIs in the wrapper classification on both obfuscated and benign types malware datasets, the results show that the proposed hybrid framework clearly surpasses the existing models including the independent filters and wrappers using only a very compact set of significant APIs. The performances of the proposed and existing models have further been compared using binary logistic regression. Various goodness of fit comparison criteria such as Chi Square, Akaike’s Information Criterion (AIC) and Receiver Operating Characteristic Curve ROC are deployed to identify the best performing models. Experimental outcomes based on the above criteria also show that the proposed hybrid framework outperforms other existing models of signature types including independent wrapper and filter approaches to identify malware.