Papers by Abdelouahid Derhab
International Journal of Recent Technology and Engineering, 2020
Machine Learning is empowering many aspects of day-to-day lives from filtering the content on soc... more Machine Learning is empowering many aspects of day-to-day lives from filtering the content on social networks to suggestions of products that we may be looking for. This technology focuses on taking objects as image input to find new observations or show items based on user interest. The major discussion here is the Machine Learning techniques where we use supervised learning where the computer learns by the input data/training data and predict result based on experience. We also discuss the machine learning algorithms: Naïve Bayes Classifier, K-Nearest Neighbor, Random Forest, Decision Tress, Boosted Trees, Support Vector Machine, and use these classifiers on a dataset Malgenome and Drebin which are the Android Malware Dataset. Android is an operating system that is gaining popularity these days and with a rise in demand of these devices the rise in Android Malware. The traditional techniques methods which were used to detect malware was unable to detect unknown applications. We ha...
Machine Learning for Networking
Malware still pose a major threat for cyberspace security. Therefore, effective and fast detectio... more Malware still pose a major threat for cyberspace security. Therefore, effective and fast detection of this threat has become an important issue in the security field. In this paper, we propose a fast and highly accurate detection system of Portable Executable (PE) malware. The proposed system relies on analyzing the fields of the PE-headers using a basic way and a more in-depth way in order to generate a set of standard attributes (SAT), and meaningful attributes (MAT) respectively. The decision phase is conducted by leveraging several machine learning classifiers, which are trained using the best K attributes according to two different feature selection methods. The experimental results are very promising, as our system outperforms two state-of-the-art solutions with respect to detection accuracy. It achieves an accuracy of 99.1% and 100% using 10-folds cross validation and train-test split validation, respectively. In both validation approaches, we only use less than 1% out of the initial set of 1329 extracted attributes. Also, our system is able to analyze a file in 0.257 s.
Ad Hoc & Sensor Wireless Networks, 2016
Wireless Communications and Mobile Computing
Multicontroller software-defined networks have been widely adopted to enable management of large-... more Multicontroller software-defined networks have been widely adopted to enable management of large-scale networks. However, they are vulnerable to several attacks including false data injection, which creates topology inconsistency among controllers. To deal with this issue, we propose BMC-SDN, a security architecture that integrates blockchain and multicontroller SDN and divides the network into several domains. Each SDN domain is managed by one master controller that communicates through blockchain with the masters of the other domains. The master controller creates blocks of network flow updates, and its redundant controllers validate the new block based on a proposed reputation mechanism. The reputation mechanism rates the controllers, i.e., block creator and voters, after each voting operation using constant and combined adaptive fading reputation strategies. The evaluation results demonstrate a fast and optimal detection of fraudulent flow rule injection.
2019 International Conference on Advances in the Emerging Computing Technologies (AECT), 2020
Smart Grid (SG) is considered as the next generation power grid, due to its efficiency, resilienc... more Smart Grid (SG) is considered as the next generation power grid, due to its efficiency, resilience, reliability and sustainability. An important feature that will make the SG more reliable and lead to mutual benefits for both customers and power utilities is the Demand Response (DR). DR refers to a set of actions with the aim of dynamically reducing energy demand at specific times and in specific locations in response to a relative shortage in supply. In this paper, we focus on the security of DR and we propose a new key management scheme for SG to secure DR communications. The proposed scheme is based on a novel multi-group key graph structure that supports the management of multiple and dynamic DR programs simultaneously for each customer. A security and performance analysis is conducted to show the effectiveness of our solution.
Proceedings of the 32nd Annual Conference on Computer Security Applications
The popularity of Android OS has dramatically increased malware apps targeting this mobile OS. Th... more The popularity of Android OS has dramatically increased malware apps targeting this mobile OS. The daily amount of malware has overwhelmed the detection process. This fact has motivated the need for developing malware detection and family attribution solutions with the least manual intervention. In response, we propose Cypider framework, a set of techniques and tools aiming to perform a systematic detection of mobile malware by building an efficient and scalable similarity network infrastructure of malicious apps. Our detection method is based on a novel concept, namely malicious community, in which we consider, for a given family, the instances that share common features. Under this concept, we assume that multiple similar Android apps with different authors are most likely to be malicious. Cypider leverages this assumption for the detection of variants of known malware families and zero-day malware. It is important to mention that Cypider does not rely on signaturebased or learning-based patterns. Alternatively, it applies community detection algorithms on the similarity network, which extracts sub-graphs considered as suspicious and most likely malicious communities. Furthermore, we propose a novel fingerprinting technique, namely community fingerprint, based on a learning model for each malicious community. Cypider shows excellent results by detecting about 50% of the malware dataset in one detection iteration. Besides, the preliminary results of the community fingerprint are promising as we achieved 87% of the detection.
2018 International Conference on Smart Communications in Network Technologies (SaCoNeT)
In this paper, we present a survey of existing privacy-preserving schemes for fog-based Internet ... more In this paper, we present a survey of existing privacy-preserving schemes for fog-based Internet of Things (IoT) applications. We start by describing fundamentals of fog computing architecture and presenting an overview of the fog-based IoT applications. Then we discuss major attacks in fog-based IoT applications and we provide a taxonomy and a side-by-side comparison of the state-of-the-art methods towards secure and privacy-preserving fog-based IoT applications with respect to network model, specific security goals, performance, limitations, and complexity. Based on the existing security models, we classify privacy-preserving models for fog-based IoT applications in eight categories, including, holistic privacy, privacy-preserving aggregation, trajectory privacy, conditional privacy preservation, differential privacy, data privacy, user’s privacy, and location privacy. In addition, we highlight open research challenges and discuss possible future research directions in the privacy-preserving for fog-based IoT applications.
IEEE Access
The Network Intrusion Detection System (NIDS) is an important tool for protecting computer networ... more The Network Intrusion Detection System (NIDS) is an important tool for protecting computer networks against threats and malicious attacks. Many techniques have recently been proposed, however, these techniques face significant challenges due to the continuous emergence of new threats that are not recognized by existing detection systems. In this paper, we propose a novel two-stage deep learning (TSDL) model based on a stacked auto-encoder with a soft-max classifier for efficient network intrusion detection. The model comprises two decision stages: an initial stage responsible for classifying network traffic as normal or abnormal using a probability score value. This is then used in the final decision stage as an additional feature for detecting the normal state and other classes of attacks. The proposed model is able to learn useful feature representations from large amounts of unlabeled data and classifies them automatically and efficiently. To evaluate and test the effectiveness of the proposed model, several experiments are conducted on two public datasets: an older benchmark dataset, the KDD99, and a newer one, the UNSW-NB15. Comparative experimental results demonstrate that our proposed model significantly outperforms existing models and methods and achieves high recognition rates, up to 99.996% and 89.134%, for the KDD99 and UNSW-NB15 datasets respectively. We conclude that our model has the potential to serve as a future benchmark for the deep learning and network security research communities.
2016 IEEE Wireless Communications and Networking Conference, 2016
In this paper, we propose a new Medium Access Control (MAC) protocol for Wireless Sensor Networks... more In this paper, we propose a new Medium Access Control (MAC) protocol for Wireless Sensor Networks (WSNs) called MMSMAC (Multi-Mode Sensor MAC protocol), which can operate and switch among three modes: synchronous, asynchronous, and hybrid, according to the application requirements. In the synchronous mode, MMSMAC organizes the sensor nodes under even and odd clusters. Each sensor node has its own active/sleep and send/receive periods according to its cluster identifier, which ensures better load balancing among nodes. In the asynchronous mode, sensor nodes communicate freely without the utilization of even and odd clusters. In this mode, we also propose another mechanism to circumvent the hidden host problem. In the hybrid mode, the features of synchronous and asynchronous modes are combined. Simulation results and analysis show that each of the MMSMAC modes shows convincing performance gains and outperforms B-MAC and CSMA/TDMA protocols.
Wireless Communications and Mobile Computing
In the era of the Internet of Things (IoT), connected objects produce an enormous amount of data ... more In the era of the Internet of Things (IoT), connected objects produce an enormous amount of data traffic that feed big data analytics, which could be used in discovering unseen patterns and identifying anomalous traffic. In this paper, we identify five key design principles that should be considered when developing a deep learning-based intrusion detection system (IDS) for the IoT. Based on these principles, we design and implement Temporal Convolution Neural Network (TCNN), a deep learning framework for intrusion detection systems in IoT, which combines Convolution Neural Network (CNN) with causal convolution. TCNN is combined with Synthetic Minority Oversampling Technique-Nominal Continuous (SMOTE-NC) to handle unbalanced dataset. It is also combined with efficient feature engineering techniques, which consist of feature space reduction and feature transformation. TCNN is evaluated on Bot-IoT dataset and compared with two common machine learning algorithms, i.e., Logistic Regressi...
Abstract: An ad hoc network is a temporary infrastructureless network, formed dynamically by mobi... more Abstract: An ad hoc network is a temporary infrastructureless network, formed dynamically by mobile devices without turning to any existing centralized administration. To send packets to remote nodes, a node uses other intermediate nodes as relays, and ask them to forward its packets. For this purpose, a distributed routing protocol is required. Because the devices used are mobile, the network topology is unpredictable, and it may change at any time. These topology changes along with other intrinsic features related to mobile devices, such as the energy resource limitation, make ad hoc networks challenging to implement efficient routing protocols. In this paper, we drive a GloMoSim based simulation study, to investigate the mobility effects on the performance of several mobile ad hoc routing protocols. Keywords: Ad hoc mobile networks, wireless networks, routing protocols, simulation, GloMoSim.
Journal of Ambient Intelligence and Humanized Computing, 2021
Remote deep learning paradigm raises important privacy concerns related to clients sensitive data... more Remote deep learning paradigm raises important privacy concerns related to clients sensitive data and deep learning models. However, dealing with such concerns may come at the expense of more client-side overhead, which does not fit applications relying on constrained environments. In this paper, we propose a privacy-preserving solution for deep-learning-based inference, which ensures effectiveness and privacy, while meeting efficiency requirements of constrained client-side environments. The solution adopts the non-colluding two-server architecture, which prevents accuracy loss as it avoids using approximation of activation functions, and copes with constrained client-side due to low overhead cost. The solution also ensures privacy by leveraging two reversible perturbation techniques in combination with paillier homomorphic encryption scheme. Client-side overhead evaluation compared to the conventional homomorphic encryption approach, achieves up to more than two thousands times im...
Advanced Metering Infrastructure (AMI) has been regarded as a foundational part of the Smart Grid... more Advanced Metering Infrastructure (AMI) has been regarded as a foundational part of the Smart Grid (SG). Consequently, AMI security is of critical importance. In this paper, we describe and investigate the current proposed authentication schemes and techniques for AMI. We discuss the challenges and desired objectives of authentication. We also provide a review of the recent proposed schemes for AMI along with their advantages and drawbacks towards meeting the discussed challenges and objectives. Based on the current survey, we identify open issues and suggest possible future research directions.
Real-time, accurate, and stable forecasting plays a vital role in making strategic decisions in t... more Real-time, accurate, and stable forecasting plays a vital role in making strategic decisions in the smart grid (SG). This ensures economic savings, effective planning, and reliable and secure power system operation. However, accurate and stable forecasting is challenging due to the uncertain and intermittent electric load behavior. In this context, a rigid forecasting model with assertive stochastic and non-linear behavior capturing abilities is needed. Thus, a support vector regression (SVR) model emerged to cater the non-linear time-series predictions. However, it suffers from computational complexity and hard-to-tune appropriate parameters problem. Due to these problems, forecasting results of SVR are not as accurate as required. To solve such problems, a novel hybrid approach is developed by integrating feature engineering (FE) and modified fire-fly optimization (mFFO) algorithm with SVR, namely FE-SVR-mFFO forecasting framework. FE eliminates redundant and irrelevant features t...
This paper discusses how ad-hoc collaboration boosts the operation of a set of messengers. This d... more This paper discusses how ad-hoc collaboration boosts the operation of a set of messengers. This discussion continues the research we earlier initiated in the MESSENGER project, which develops data management mechanisms for UDDI registries of Web services using mobile users and software agents. In the current operation mode of messengers, descriptions of Web services are first, collected from UDDI registries and later, submitted to other UDDI registries. This submission mode of Web services descriptions does not foster the tremendous opportunities that both wireless technologies and mobile devices offer. When mobile devices are “close” to each other, they can form a mobile ad-hoc network that permits the exchange of data between these devices without any pre-existing communication infrastructure. By authorizing messengers to engage in ad-hoc collaboration, collecting additional descriptions of Web services from other messengers can happen, too. This has several advantages, but at the...
Smart cities are increasingly playing a fundamental role in managing the city’s asset. Smart tran... more Smart cities are increasingly playing a fundamental role in managing the city’s asset. Smart transportation is an important building block of a smart city as it can efficiently resolve many issues related to the traffic on the road. Vehicular ad hoc networks (VANETs) in smart cities may ensure wide inter-vehicle communication and disseminate data and safety-related information. VANETs have their specific characteristics such as long lifetime battery energy, high mobility, and large storage capabilities. In certain circumstances, VANETs may not ensure timely detection of road events and connectivity between vehicles due to their low density, high mobility, or low deployment of roadside unit (RSU) infrastructure. Wireless sensor networks (WSNs) are equipped with low processing and low storage capabilities but they ensure high detection of events. To overcome VANETs limitations, and as VANET and WSN have complementary characteristics, the combination of VANET and wireless sensor networ...
Journal of Artificial Intelligence and Soft Computing Research
Multi-Agent Systems (MAS) have been widely used in many areas like modeling and simulation of com... more Multi-Agent Systems (MAS) have been widely used in many areas like modeling and simulation of complex phenomena, and distributed problem solving. Likewise, MAS have been used in cyber-security, to build more efficient Intrusion Detection Systems (IDS), namely Collaborative Intrusion Detection Systems (CIDS). This work presents a taxonomy for classifying the methods used to design intrusion detection systems, and how such methods were used alongside with MAS in order to build IDS that are deployed in distributed environments, resulting in the emergence of CIDS. The proposed taxonomy, consists of three parts: 1) general architecture of CIDS, 2) the used agent technology, and 3) decision techniques, in which used technologies are presented. The proposed taxonomy reviews and classifies the most relevant works in this topic and highlights open research issues in view of recent and emerging threats. Thus, this work provides a good insight regarding past, current, and future solutions for ...
Lecture Notes in Computer Science
Web applications (WAs) are constantly evolving and deployed at broad scale. However, they are exp... more Web applications (WAs) are constantly evolving and deployed at broad scale. However, they are exposed to a variety of attacks. The biggest challenge facing organizations is how to develop a WA that fulfills their requirements with respect to sensitive data exchange, Ecommerce, and secure workflows. This paper identifies the most critical web vulnerabilities according to OWASP Top Ten, their corresponding attacks, and their countermeasures. The application of these countermeasures will guarantee the protection of the WAs against the most severe attacks and prevent several unknown exploits.
Uploads
Papers by Abdelouahid Derhab