Browse by author: Alam, Shahid
Showing 1 - 16 of 16
Item: Advancing artificial intelligence-enabled cybersecurity for the internet of things (IGI Global, 2021). Demir, Alper Kamil; Alam, Shahid.
Internet of things (IoT) has revolutionized digital transformation and is present in every sector, including transportation, energy, retail, healthcare, and agriculture. While stepping into this digital transformation, these sectors must contemplate the risks involved. The new wave of cyberattacks against IoT is posing a severe impediment to adopting this leading-edge technology. Artificial intelligence (AI) is playing a key role in preventing and mitigating some of the effects of these cyberattacks. This chapter discusses different types of threats and attacks against IoT devices and how AI is enabling the detection and prevention of these cyberattacks. It also presents some challenges faced by AI-enabled detection and prevention and provides some solutions and recommendations for these challenges. The authors believe that this chapter provides a favorable basis for readers who intend to know more about AI-enabled technologies to detect and prevent cyberattacks against IoT, and the motivation to advance the current research in this area. © 2021 by IGI Global. All rights reserved.

Item: Applying Natural Language Processing for detecting malicious patterns in Android applications (Elsevier Sci Ltd, 2021). Alam, Shahid.
With increasing quantity and sophistication, malicious code is becoming difficult to discover and analyze. Modern NLP (Natural Language Processing) techniques have improved significantly and are being used in practice to accomplish various tasks. Recently, many research works have applied NLP to finding malicious patterns in Android and Windows apps. In this paper, we exploit this fact and apply NLP techniques to an intermediate representation (MAIL, Malware Analysis Intermediate Language) of Android apps to build a similarity index model, named SIMP. We use SIMP to find malicious patterns in Android apps. MAIL provides control flow patterns to enhance the malware analysis and makes the code accessible to NLP techniques for checking semantic similarities. For applying NLP, we consider a MAIL program as one document. The control flow patterns in this program, when divided into specific blocks (words), become sentences. We apply TF-IDF and Bag-of-Words over these control flow patterns to build SIMP. Our proposed model, when tested with real malware and benign Android apps using different validation methods, achieved an MCC (Matthews Correlation Coefficient) > 0.94 between the true and predicted values, which indicates that it predicts a new sample as either malware or benign with a high success rate. (c) 2021 Elsevier Ltd. All rights reserved.

Item: DroidClone: Attack of the Android Malware Clones - A Step Towards Stopping Them (Comsis Consortium, 2021). Alam, Shahid; Sogukpinar, Ibrahim.
Code clones are in frequent use because they can be created fast with little effort and expense. Especially for malware writers, it is easier to create a clone of the original than to write new malware. According to recent Symantec threat reports, Android continues to be the most targeted mobile platform, and the number of new mobile malware clones grew by 54%. There is a need to develop techniques and tools to stop this attack of Android malware clones. To stop this attack, we propose DroidClone, which exposes code clones (segments of code that are similar) in Android applications to help detect malware. DroidClone is the first such effort that uses specific control flow patterns to reduce the effect of obfuscations and detect clones that are syntactically different but semantically similar up to a threshold. DroidClone is independent of the programming language of the code clones. When evaluated with real malware and benign Android applications, DroidClone obtained a detection rate of 94.2% and a false positive rate of 5.6%. DroidClone, when tested against various obfuscations, was able to successfully provide resistance against all the trivial (renaming of methods and parameters, nop insertion, etc.) and some non-trivial (call graph manipulation, function indirection, etc.) obfuscations.

Item: DroidMorph: Are We Ready to Stop the Attack of Android Malware Clones? (IEEE, 2018). Alam, Shahid; ul Abideen, M. Zain; Saleem, Shahzad.
The number of Android malware variants (clones) is on the rise, and to stop this attack of clones we need to develop new methods and techniques for analysing and detecting them. As a first step, we need to study how these malware clones are generated. This will help us better anticipate and recognize these clones. In this paper we present a new tool named DroidMorph, which provides morphing of Android applications (APKs) at different levels of abstraction and can be used to create Android application (malware/benign) clones. As a case study we test and evaluate the resilience of current commercial anti-malware products against the attack of Android malware clones generated by DroidMorph. We found that 8 out of 17 leading commercial anti-malware programs were not able to detect any of the morphed APKs. We hope that DroidMorph will be used in future research to improve Android malware clone analysis and detection, and help stop them.

Item: DroidMorph: Are We Ready to Stop the Attack of Android Malware Clones? (Institute of Electrical and Electronics Engineers Inc., 2018). Alam, Shahid; Ul Abideen, M. Zain; Saleem, Shahzad.
Second record of the same paper; the abstract is identical to the entry above. © 2018 IEEE.

Item: Evolution of malware in the digital transformation age (IGI Global, 2021). Alam, Shahid.
As corporations step into the new digital transformation age and adopt leading-edge technologies such as cloud, mobile, and big data, it becomes crucial for them to contemplate the risks and rewards of this adoption. At the same time, the new wave of malware attacks is posing a severe impediment to implementing these technologies. This chapter discusses some of the complications, challenges, and issues plaguing current malware analysis and detection techniques. Some of the key challenges discussed are automation, native code, obfuscations, morphing, and anti-reverse engineering. Solutions and recommendations are provided to solve some of these challenges. To stimulate further research in this thriving area, the authors highlight some promising future research directions. The authors believe that this chapter provides an auspicious basis for future researchers who intend to know more about the evolution of malware, and will act as a motivation for enhancing current techniques and developing new ones for malware analysis and detection. © 2021 by IGI Global. All rights reserved.

Item: IfNoT: An approach towards mitigating interest flooding attacks in Named Data Networking of Things (Elsevier, 2024). Bilgili, Sedat; Demir, Alper Kamil; Alam, Shahid.
Named Data Networking (NDN) has emerged as a model to accommodate content distribution, security, and mobility. Recently, NDN has been applied to the Internet of Things (IoT), referred to as Named Data Networking of Things (NDNoT). In the rapidly evolving landscape of NDNoT, securing data transmission is paramount. The main purpose and contribution of the research presented in this paper is to address the security vulnerabilities of data transmission in NDNoT. This paper specifically addresses the critical issue of interest flooding attacks in NDNoT. These attacks can disrupt network operations, posing far-reaching threats to data integrity and availability. To mitigate these attacks and threats, the paper introduces the IfNoT mechanism and evaluates its performance through comprehensive simulations in a realistic and recognized simulator, Cooja. IfNoT identifies potential interest flooding attacker nodes in the NDNoT environment. It reduces the impact of the attack and the undesirable interest traffic caused by such an attack, which maximizes network resource utilization. The study also explores the influence of the key parameters provided by the IfNoT mechanism and identifies optimum settings for these parameters to enhance network utilization. When evaluated using various metrics, including success rate, average latency, and total interest traffic, under different conditions and parameter settings, IfNoT was able to counter interest flooding attacks effectively. The IfNoT mechanism increases the success ratio by up to 28%, decreases average latency by up to 31%, and decreases total interest traffic by up to 58%.

Item: LAM: Scrutinizing Leading APIs For Detecting Suspicious Call Sequences (Oxford Univ Press, 2023). Alam, Shahid.
The proliferation of smartphones has given an exponential rise to the number of new mobile malware. These malware programs employ stealthy obfuscations to hide their malicious activities. To perform malicious activities a program must make application programming interface (API) calls. Unlike dynamic analysis, static analysis can find all the API call paths, but it has some issues: a large number of features; higher false positives when features are reduced; and lowering false positives increases the detection rate. Certain Android API calls, e.g. android.app.Activity:boolean requestWindowFeature(int), enable malware programs to call other APIs to hide their activities. We call them leading APIs, as they can lead to malicious activities. To overcome these issues, we propose new heuristics and feature groupings for building a Leading API-call Map, named LAM. We create LAM from a dominant (leading) API call tree. Dominance is a transitive relation and hence enumerates all the call sequences that a leading API leads to. LAM substantially reduces the number and improves the quality of features for combating obfuscations and detecting suspicious call sequences with few false positives. For the dataset used in this paper, LAM reduced the number of features from 509,607 to 29,977. Using 10-fold cross-validation, LAM achieved an accuracy of 97.9% with 0.4% false positives.

Item: Mining and Detection of Android Malware Based on Permissions (IEEE, 2018). Sahal, Abdirashid Ahmed; Alam, Shahid; Sogukpinar, Ibrahim.
Due to open app distribution and more than two billion active users, the Android platform continues to serve as low-hanging fruit for malware developers. According to the McAfee threat report, the number of malware families found in Google Play increased by 30% in 2017. The permission-based access control model is one of the most important mechanisms to protect Android apps against malware. In this paper, we propose a new permission-based model that enhances the efficiency and accuracy of Android malware analysis and detection, and has the capability of potentially detecting previously unknown malware. In this new model, we improve feature selection by introducing a new weighting method, named TF-IDFCF, based on the class frequency (CF) of the feature. The results of our experiments show that our proposed method has a detection rate greater than 95.3% with a low false positive rate, when tested with different classifiers.

Item: Mining and Detection of Android Malware Based on Permissions (Institute of Electrical and Electronics Engineers Inc., 2018). Sahal, Abdirashid Ahmed; Alam, Shahid; Sogukpinar, Ibrahim.
Second record of the same paper; the abstract is identical to the entry above.
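The LAM entry above and the Droid-DomTree / DroidDomTree entries that follow all derive their features from the dominator tree of an app's API calls: a call A dominates a call B when every path from the app's entry point to B passes through A, so the subtree under a leading API is exactly the set of call sequences that API leads to. The following is an added example, not code from any of these papers. It computes the dominator tree of a small constructed call-flow graph (the API names are illustrative; only requestWindowFeature is taken from the LAM abstract, and nothing here claims which real Android APIs are leading), lists the calls each chosen leading API leads to, and emits one feature per tree edge. The depth-based weight is this example's own choice; the papers' weighting schemes are not reproduced.

```python
"""Dominator tree over an API call-flow graph, as LAM and DroidDomTree use
for feature extraction. Added example, not the papers' code.

The graph is constructed: nodes are API call sites of one toy app plus a
synthetic entry node, edges are possible control flow between them.
"""
from collections import defaultdict

ENTRY = "entry"

# Constructed call-flow graph (successor lists). requestWindowFeature opens
# two paths: one reaches a class loader and then SMS/network APIs, the other
# is a plain UI path. Every path ends in View.setVisibility.
GRAPH = {
    ENTRY: ["Activity.onCreate"],
    "Activity.onCreate": ["Activity.requestWindowFeature"],
    "Activity.requestWindowFeature": ["Context.getSystemService", "View.setVisibility"],
    "Context.getSystemService": ["TelephonyManager.getDeviceId", "View.setVisibility"],
    "TelephonyManager.getDeviceId": ["DexClassLoader.<init>"],
    "DexClassLoader.<init>": ["SmsManager.sendTextMessage", "HttpURLConnection.connect"],
    "SmsManager.sendTextMessage": ["View.setVisibility"],
    "HttpURLConnection.connect": ["View.setVisibility"],
    "View.setVisibility": [],
}


def dominators(graph, entry=ENTRY):
    """Dom(n): the nodes on every path from entry to n, n itself included.
    Plain iterative data-flow solution: Dom(n) = {n} | intersection of
    Dom(p) over the predecessors p of n, iterated to a fixed point."""
    preds = defaultdict(list)
    for node, succs in graph.items():
        for s in succs:
            preds[s].append(node)
    dom = {n: set(graph) for n in graph}
    dom[entry] = {entry}
    changed = True
    while changed:
        changed = False
        for n in graph:
            if n == entry:
                continue
            new = {n}
            if preds[n]:
                new |= set.intersection(*(dom[p] for p in preds[n]))
            if new != dom[n]:
                dom[n], changed = new, True
    return dom


def dominator_tree(dom):
    """Immediate dominator of n is its closest strict dominator. The strict
    dominators of n form a chain, so the one with the largest Dom set is the
    nearest. Returns (idom, children)."""
    idom, children = {}, defaultdict(list)
    for n, ds in dom.items():
        strict = ds - {n}
        if strict:
            idom[n] = max(strict, key=lambda d: len(dom[d]))
            children[idom[n]].append(n)
    return idom, children


def dominated_calls(children, root):
    """Every call in root's dominator subtree, in DFS order: the calls that
    cannot execute unless `root` executed first. Dominance is transitive,
    so this is the full set, not only the direct children."""
    out = [root]
    for child in sorted(children[root]):
        out.extend(dominated_calls(children, child))
    return out


def leading_api_map(graph, leading_apis, entry=ENTRY):
    """LAM-style map: leading API -> the API calls it leads to."""
    _, children = dominator_tree(dominators(graph, entry))
    return {api: dominated_calls(children, api)[1:] for api in leading_apis}


def nested_features(graph, entry=ENTRY):
    """DroidDomTree-style features: one per parent -> child edge of the
    dominator tree, weighted by nesting depth (this example's choice)."""
    _, children = dominator_tree(dominators(graph, entry))
    feats = {}

    def walk(node, depth):
        for child in sorted(children[node]):
            feats[f"{node} -> {child}"] = depth + 1
            walk(child, depth + 1)

    walk(entry, 0)
    return feats


if __name__ == "__main__":
    for api, calls in leading_api_map(GRAPH, ["Activity.requestWindowFeature"]).items():
        print(api, "leads to:", calls)
    for feat, weight in nested_features(GRAPH).items():
        print(weight, feat)
```

On a real APK the graph would come from the app's call graph or control-flow graph as emitted by a disassembler; that extraction step is not part of the example. Note that View.setVisibility is reachable on four paths yet is still dominated by requestWindowFeature, which is what makes dominance more robust to inserted or reordered calls than a plain call sequence.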
Item: Mining Android Bytecodes through the Eyes of Gabor Filters for Detecting Malware (Zarka Private Univ, 2023). Alam, Shahid; Demir, Alper Kamil.
One of the basic characteristics of a Gabor filter is that it provides useful information about specific frequencies in a localized region. Such information can be used to locate snippets of code, i.e., localized code, in a program transformed into an image, for finding embedded malicious patterns. Building on this property, we propose a novel technique that uses a sliding Window over Gabor filters for mining the Dalvik Executable (DEX) bytecodes of an Android application (APK) to find malicious patterns. We extract the structural and behavioral functionality and localized information of an APK through Gabor-filtered images of the 2D grayscale image of the DEX bytecodes. A Window is slid over these features and a weight is assigned based on its frequency of use. The selected Windows whose weights are greater than a given threshold are used for training a classifier to detect malware APKs. Our technique does not require any disassembly or execution of the malware program and hence is much safer and more accurate. To further improve feature selection, we apply a greedy optimization algorithm to find the best-performing feature subset. The proposed technique, when tested using real malware and benign APKs, obtained a detection rate of 98.9% with 10-fold cross-validation.

Item: Mining Dominance Tree of API Calls for Detecting Android Malware (IEEE, 2018). Alam, Shahid; Yildirim, Serdar; Hassan, Mahamat; Sogukpinar, Ibrahim.
According to recent Symantec threat reports, Android continues to be the most targeted mobile platform: the number of new mobile malware attacks grew by 105% from 2015 to 2016, and the number of newly discovered mobile malware variants grew by 54% from 2016 to 2017. A recent McAfee threat report states that the number of malware families found in Google Play increased by 30% in 2017. There is a need to develop new techniques and methods to stop this inundation of mobile malware attacks. In this paper we propose a new technique named Droid-DomTree that mines the dominance tree of API calls in an Android APK for detecting malware. We develop a sequential model of the dominance tree of API calls and a weighting scheme for assigning weights to each node in the dominance tree for efficient feature selection. A detection rate of 94.3% was obtained with 4 classifiers.

Item: Mining nested flow of dominant APIs for detecting android malware (Elsevier, 2020). Alam, Shahid; Alharbi, Soltan Abed; Yildirim, Serdar.
According to the Kaspersky Lab threat report, mobile malware attacks almost doubled in 2018. A study conducted in 2018 by Accenture found malware attacks to be the most expensive to resolve. The Android Operating System (OS) is the dominant platform on mobile devices, which makes it susceptible to malware attacks. We need to develop new techniques and methods to stop this influx of malware attacks. In this paper, we propose a novel technique named DroidDomTree that mines the dominance tree of API (Application Programming Interface) calls to find similar patterns in Android applications for detecting malware. Dominance is a transitive relation. A dominance tree of API calls highlights strong flow paths and identifies the nesting structure of APIs, and hence emphasizes the importance of certain APIs in an application. It also helps in finding modules and their interactions in an application. If a malicious module is embedded in an application, then this provides strong evidence that the application contains malware. We use these properties and develop a nested model of the dominance tree of API calls and a new scheme for assigning weights to each node in the dominance tree for efficient feature selection. During 10-fold cross-validation with eight different classifiers, using real malware Android applications, DroidDomTree achieved detection rates in the range of 98.1%-99.3% and false positive rates in the range of 0.4%-1.7%. (C) 2019 Elsevier B.V. All rights reserved.

Item: Mining Dominance Tree of API Calls for Detecting Android Malware (Institute of Electrical and Electronics Engineers Inc., 2018). Alam, Shahid; Yildirim, Serdar; Hassan, Mahamat; Sogukpinar, Ibrahim.
Second record of the same paper (title misspelled "Mininng" in the catalogue); the abstract is identical to the IEEE entry above. © 2018 IEEE.

Item: SIFT - File Fragment Classification Without Metadata (Institute of Electrical and Electronics Engineers Inc., 2023). Alam, Shahid.
A vital issue in file carving in digital forensics is type classification of file fragments when the filesystem metadata is missing. Over the past decades, there have been several efforts to develop methods to classify file fragments. In this research, a novel sifting approach, named SIFT (Sifting File Types), is proposed. SIFT outperforms the other state-of-the-art techniques by at least 8%. (1) One of the significant differences between SIFT and the others is that SIFT uses a single byte as a separate feature, i.e., a total of 256 (0x00-0xFF) features. We also call this lossless feature (information) extraction, i.e., there is no loss of information. (2) The other significant difference is the technique used to estimate the inter-class and intra-class information gain of a feature. Unlike the others, SIFT adapts TF-IDF for this purpose, and computes and assigns a weight to each byte (feature) in a fragment (sample). With these significant differences and approaches, SIFT produces promising (better) results compared to other works. © 2023 IEEE.

Item: SIFT: Sifting file types - application of explainable artificial intelligence in cyber forensics (Springernature, 2024). Alam, Shahid; Demir, Alper Kamil.
Artificial Intelligence (AI) is being applied to improve the efficiency of software systems used in various domains, especially in the health and forensic sciences. Explainable AI (XAI) is one of the fields of AI that interprets and explains the methods used in AI. One of the techniques used in XAI to provide such interpretations is computing the relevance of the input features to the output of an AI model. File fragment classification is one of the vital issues in file carving in Cyber Forensics (CF) and becomes challenging when the filesystem metadata is missing. Other major challenges it faces are the proliferation of file formats, file embeddings, and automation. We leverage the interpretations provided by XAI to optimize the classification of file fragments and propose a novel sifting approach, named SIFT (Sifting File Types). SIFT employs TF-IDF to assign a weight to a byte (feature), which is used to select features from a file fragment. Threshold-based LIME and SHAP (the two XAI techniques) feature relevance values are computed for the selected features to optimize file fragment classification. To improve multinomial classification, a Multilayer Perceptron model is developed and optimized with five hidden layers, each layer with i × n neurons, where i is the layer number and n is the total number of classes in the dataset. When tested with 47,482 samples of 20 file types (classes), SIFT achieves a detection rate of 82.1% and outperforms the other state-of-the-art techniques by at least 10%. To the best of our knowledge, this is the first effort at applying XAI in CF for optimizing file fragment classification.
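Both SIFT entries rest on the same representation: a fragment is described by all 256 byte values (so nothing is discarded), each byte is then weighted with TF-IDF over the fragment corpus, and a classifier is trained on the weighted vectors. The following is an added example and not the authors' code; SIFT's exact weighting, feature-selection thresholds and the LIME/SHAP step are not reproduced. It builds the 256-feature TF-IDF vectors and drives a nearest-centroid classifier over three constructed synthetic "file types" (printable text, uniform random bytes standing in for compressed data, and a 0x00/0xFF-heavy bitmap-like type); the labels, generators and the cosine nearest-centroid classifier are assumptions of the example.

```python
"""Byte-level TF-IDF features for file-fragment type classification, in the
spirit of SIFT. Added example, not the papers' code. All fragments below
are constructed; the three 'file types' are synthetic stand-ins.
"""
import math
import random
from collections import Counter

FEATURES = 256  # one feature per byte value 0x00-0xFF: lossless


def term_frequencies(fragment):
    """TF vector: share of the fragment taken by each byte value."""
    if not fragment:
        raise ValueError("empty fragment")
    counts = Counter(fragment)
    return [counts.get(b, 0) / len(fragment) for b in range(FEATURES)]


def inverse_document_frequencies(fragments):
    """Smoothed IDF per byte value over the corpus: a byte present in every
    fragment (e.g. 0x00 in padding-heavy types) gets the lowest weight, a
    byte specific to a few fragments the highest."""
    n = len(fragments)
    df = [0] * FEATURES
    for frag in fragments:
        for b in set(frag):
            df[b] += 1
    return [math.log((1 + n) / (1 + df[b])) + 1.0 for b in range(FEATURES)]


def tfidf_vector(fragment, idf):
    return [tf * w for tf, w in zip(term_frequencies(fragment), idf)]


def cosine(u, v):
    dot = sum(a * b for a, b in zip(u, v))
    nu = math.sqrt(sum(a * a for a in u))
    nv = math.sqrt(sum(b * b for b in v))
    return dot / (nu * nv) if nu and nv else 0.0


class ByteTfidfClassifier:
    """Nearest-centroid classifier over byte TF-IDF vectors."""

    def fit(self, fragments, labels):
        self.idf = inverse_document_frequencies(fragments)
        sums, counts = {}, Counter(labels)
        for frag, label in zip(fragments, labels):
            acc = sums.setdefault(label, [0.0] * FEATURES)
            for i, x in enumerate(tfidf_vector(frag, self.idf)):
                acc[i] += x
        self.centroids = {l: [x / counts[l] for x in acc] for l, acc in sums.items()}
        return self

    def predict(self, fragment):
        vec = tfidf_vector(fragment, self.idf)
        return max(self.centroids, key=lambda l: cosine(vec, self.centroids[l]))

    def top_bytes(self, label, k=3):
        """Highest-weighted byte values of a class: a crude look at which
        features carry the decision (SIFT gets this view from LIME/SHAP)."""
        c = self.centroids[label]
        return sorted(range(FEATURES), key=lambda b: c[b], reverse=True)[:k]


def make_fragments(seed, per_class=6, size=512):
    """Constructed corpus of (fragment, label) pairs, three synthetic types."""
    rng = random.Random(seed)
    words = [b"the ", b"file ", b"carving ", b"needs ", b"no ", b"metadata ", b"\n"]
    data = []
    for _ in range(per_class):
        text = b"".join(rng.choice(words) for _ in range(size))[:size]
        data.append((text, "txt"))  # printable ASCII only
        data.append((bytes(rng.randrange(256) for _ in range(size)), "zip"))  # uniform bytes
        bmp = bytes(rng.choice([0, 0, 0, 0xFF, 0xFF, 0x10, 0x80]) for _ in range(size))
        data.append((bmp, "bmp"))  # long runs of 0x00 / 0xFF
    return data


def accuracy(clf, data):
    return sum(clf.predict(f) == l for f, l in data) / len(data)


def train_and_test(train_seed=1, test_seed=2):
    """Train on one constructed corpus, score on a held-out one."""
    train = make_fragments(train_seed)
    clf = ByteTfidfClassifier().fit([f for f, _ in train], [l for _, l in train])
    return clf, accuracy(clf, make_fragments(test_seed))


if __name__ == "__main__":
    clf, acc = train_and_test()
    print("held-out accuracy:", acc)
    for label in ("txt", "zip", "bmp"):
        print(label, "top bytes:", [hex(b) for b in clf.top_bytes(label)])
```

The synthetic types are far easier to separate than real formats (SIFT's 20-class benchmark reaches 82.1%); the point of the example is the representation, not the score. On real fragments the same vectors would feed the MLP described in the second SIFT entry, and the per-class top bytes are where a LIME/SHAP relevance analysis would start.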