Search

Your search keyword '"Djedjiga Mouheb"' showing total 82 results
Start Over Author "Djedjiga Mouheb"

Refine your results

more »

more »

more »
82 results on '"Djedjiga Mouheb"'

1. Cybersecurity activities for education and curriculum design: A survey

Author

Muhusina Ismail, Nisha Thorakkattu Madathil, Meera Alalawi, Saed Alrabaee, Mohammad Al Bataineh, Suhib Melhem, and Djedjiga Mouheb

Subjects
Cybersecurity, Curriculum, Threats, Design, Education, Cyber-attack, Electronic computers. Computer science, QA75.5-76.95, Psychology, BF1-990
Abstract

Cyber threats are one of the main concerns in this growing technology epoch. To tackle this issue, highly skilled and motivated cybersecurity professionals are increasingly in demand to prevent, detect, respond to, or even mitigate the effects of such threats. However, the world faces a workforce shortage of qualified cybersecurity professionals and practitioners. To address this dilemma, several cybersecurity educational programs have been introduced, such as specialized cybersecurity courses in computer science graduate programs. With the increasing demand, different cybersecurity courses are introduced at the high school level, undergraduate computer science and information systems programs, and even at the government level. Due to the peculiar nature of cybersecurity, educational institutions face many issues when designing a curriculum or cybersecurity activities. In this paper, we study existing cybersecurity curriculum approaches and activities. We also present case studies on cybersecurity education around the globe.

Published
2024
Full Text
View/download PDF

23. Fingerprinting Cyber-Infrastructures of Android Malware

Author

ElMouatez Billah Karbab, Djedjiga Mouheb, Abdelouahid Derhab, and Mourad Debbabi

Subjects
Situation awareness, Computer science, business.industry, Darknet, Context (language use), computer.software_genre, Computer security, Domain (software engineering), Set (abstract data type), Android malware, Malware, The Internet, business, computer
Abstract

In this chapter, we propose ToGather, an automatic investigation framework for Android malware cyber-infrastructures. In our context, a malware cyber-infrastructure is a set of IP addresses and domain names orchestrated together to serve as a backend for malicious activities, including malicious apps. ToGather framework is a set of techniques and tools together with security feeds, which automatically build a situational awareness about Android malware cyber-infrastructures. ToGather characterizes the cyber-infrastructure starting from Android malware samples to relate the malware to the corresponding network footprint in terms of IPs and domains. ToGather goes even a step further by dividing this cyber-infrastructure into sub-infrastructure components based on the connectivity between nodes. The result is in the segmentation of the global threat network into multiple network communities representing many granular sub-cyber-infrastructures. To this end, ToGather leverages cyber-threat intelligence that is derived from various sources such as spam, Windows malware, darknet, and passive DNS to ascribe cyber-threats to the corresponding cyber-infrastructure. Accordingly, the input of ToGather framework is made of malware samples together with security feeds, while the output represents networks of cyber-infrastructures together with their network footprint, which provides the security practitioner an overview of Android malware cyber-activities on the Internet.

Published
2021

24. Background and Related Work

Author

ElMouatez Billah Karbab, Mourad Debbabi, Djedjiga Mouheb, and Abdelouahid Derhab

Subjects
Generality, System deployment, Software deployment, Computer science, Taxonomy (general), Novelty, Malware, Architecture, Computer security, computer.software_genre, computer, Privilege escalation
Abstract

In this chapter, we review and compare the state-of-the-art proposals on Android malware analysis and detection according to a novel taxonomy. Due to the large number of published contributions, we focus our review on the most prominent articles in terms of novelty and contributions, with an emphasis on those published in top-tier security journals and conferences. The proposed taxonomy is based on the generality of Android malware threats. It classifies the existing systems into: (1) general malware detection, which aims to detect malware without taking into account a particular type of attack, and (2) attack-based malware detection, which aims at detecting specific attacks such as privilege escalation attacks, data leakage attacks, etc. Furthermore, each threat category is classified according to the system deployment of the detection approach, i.e., the physical environment into which the system is intended to run. Furthermore, we consider three main deployment architectures: workstation-based, mobile-based, and hybrid architectures. The proposed two-level taxonomy allows carrying out an objective and appropriate analysis by comparing only systems that are addressing the same threat category, and having the same deployment architecture as they share the same goals and have similar issues to solve.

Published
2021

25. Introduction

Author

ElMouatez Billah Karbab, Mourad Debbabi, Abdelouahid Derhab, and Djedjiga Mouheb

Published
2021

26. Resilient and Adaptive Android Malware Fingerprinting and Detection

Author

Djedjiga Mouheb, ElMouatez Billah Karbab, Mourad Debbabi, and Abdelouahid Derhab

Subjects
business.industry, Computer science, Android malware, Malware, Artificial intelligence, Android (operating system), business, computer.software_genre, Machine learning, computer
Abstract

In this chapter, we present PetaDroid, an Android detection system that provides, in contrast to MalDozer (previous chapter), (1) resiliency to common obfuscation techniques by introducing code randomization during training; (2) adaptation to operating system and malware change overtime by introducing the use of confidence-based decisions to collect adaptation datasets overtime. In this context, we identify several limitations and gaps in the state-of-the-art Android malware detection solutions.

Published
2021

27. Portable Supervised Malware Fingerprinting Using Deep Learning

Author

Abdelouahid Derhab, ElMouatez Billah Karbab, Mourad Debbabi, and Djedjiga Mouheb

Subjects
Artificial neural network, Assembly language, Computer science, business.industry, Deep learning, Contrast (statistics), Static analysis, computer.software_genre, Machine learning, Software deployment, Malware, Artificial intelligence, business, Cluster analysis, computer, computer.programming_language
Abstract

In this chapter, we propose MalDozer, an innovative and efficient framework for Android malware detection, leveraging sequence mining via neural networks. MalDozer focuses on portable malware detection based on applying supervised machine learning on static analysis features in contrast to Cypider, presented in Chap. 4, in which we propose an unsupervised system based on static analysis features. While Cypider provides a framework for malware clustering, aimed at market level app analysis. MalDozer provides an efficient malware detection to allow the deployment inside resource-constrained devices. MalDozer framework is based on an artificial neural network that takes, as input, the raw sequences of API method calls, as they appear in the DEX file, to enable malware detection and family attribution. MalDozer can automatically recognize malicious patterns using only the sequences of raw method calls in the assembly code.

Published
2021

28. Conclusion

Author

ElMouatez Billah Karbab, Mourad Debbabi, Abdelouahid Derhab, and Djedjiga Mouheb

Published
2021

29. Android Malware Fingerprinting Using Dynamic Analysis

Author

Abdelouahid Derhab, ElMouatez Billah Karbab, Mourad Debbabi, and Djedjiga Mouheb

Subjects
Feature engineering, Feature (computer vision), Computer science, Ransomware, Malware, Context (language use), Computer security, computer.software_genre, Communications security, computer, Host (network), Data-driven
Abstract

In this chapter, we elaborate a data driven framework for detecting Android malware using automatically engineered features derived from dynamic analyses. The state-of-the-art solutions, such as Chen et al., (Stormdroid: A streaminglized machine learning-based system for detecting android malware, in Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, AsiaCCS 2016, Xi’an, May 30–June 3, 2016 (2016), pp. 377–388), Kharraz et al. (UNVEIL: A large-scale, automated approach to detecting ransomware, in 25th USENIX Security Symposium, USENIX Security 16, Austin, August 10–12, 2016 (2016), pp. 757–772) and Sgandurra et al. (CoRR abs/1609.03020, 2016), rely on manual feature engineering in malware detection. For example, StormDroid (Chen, et al., (Stormdroid: A streaminglized machine learning-based system for detecting android malware, in Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, AsiaCCS 2016, Xi’an, May 30–June 3, 2016 (2016), pp. 377–388)) uses Sendsms and Recvnet dynamic features, which are chosen based on statistical analysis, for Android malware detection. As another example, the authors in Kolbitsch et al. (Effective and efficient malware detection at the end host, in USENIX Security Symposium (2009), pp. 351–366) used specific features to build behavioral graphs for Win32 malware detection. The security features may change based on the execution environment despite the target platform. For instance, the authors in Chen et al. (Stormdroid: A streaminglized machine learning-based system for detecting android malware, in Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, AsiaCCS 2016, Xi’an, May 30–June 3, 2016 (2016), pp. 377–388) and in Alzaylaee et al. (CoRR abs/1607.08166, 2016) used different security features due to the difference between the execution environments. In the context of a security application, we are looking for a portable framework for malware detection based on the behavioral reports across a variety of platforms, architectures, and execution environments. The security analyst would be able to rely on this plug-and-play framework with a minimum effort in terms of feature engineerning. We plug the behavioral analysis reports for the training. Afterward, we employ the produced classification model on new reports without an explicit security feature engineering as in Chen et al. (Stormdroid: A streaminglized machine learning-based system for detecting android malware, in Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, AsiaCCS 2016, Xi’an, May 30–June 3, 2016 (2016), pp. 377–388), Kolbitsch et al. (Effective and efficient malware detection at the end host, in USENIX Security Symposium (2009), pp. 351–366) and Chen et al. (POSTER: semi-supervised classification for dynamic android malware detection, in Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, October 30–November 03, 2017 (2017), pp. 2479–2481). This previous process works virtually on any behavioral reports.

Published
2021

30. Robust Android Malicious Community Fingerprinting

Author

Djedjiga Mouheb, Abdelouahid Derhab, ElMouatez Billah Karbab, and Mourad Debbabi

Subjects
ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Security framework, Software_OPERATINGSYSTEMS, Payload, Computer science, Android malware, Window (computing), Malware, Android (operating system), Adversary, Computer security, computer.software_genre, computer
Abstract

Security practitioners can combat large-scale Android malware by decreasing the analysis window size of newly detected malware. The window starts from the first detection until signature generation by anti-malware vendors. The larger the window is, the more time the malicious apps are given to spread over the users’ devices. Current state-of-the-art techniques have a large analysis window due to the significant number of Android malware appearing daily. Besides, these techniques use manual analysis in some cases to investigate malware. Therefore, decreasing the need for manual detection could significantly reduce the analysis window. To address the aforementioned issue, we elaborate systematic techniques and tools for the detection of both known family apps and new malware family apps (i.e., variants of existing families or unseen malware). To do so, we rely on the assumption that any pair of Android apps, with distinct authors and certificates, are most likely to be malicious if they are highly similar. Because the adversary usually repackages multiple app packages with the same malicious payload to hide it from anti-malware and vetting systems. Consequently, it is difficult to detect such malicious payloads from benign functionalities of a given Android package. Accordingly, a pair of Android apps should not be very similar in their components, excluding popular libraries. This observation, as mentioned earlier, could be used to design and develop a security framework to detect Android malware apps.

Published
2021

31. Fingerprinting Android Malware Packages

Author

Abdelouahid Derhab, Mourad Debbabi, Djedjiga Mouheb, and ElMouatez Billah Karbab

Subjects
MD5, Computer science, Fingerprint (computing), Hash function, Cryptographic hash function, Malware, Context (language use), Data mining, computer.software_genre, computer, Fuzzy logic, Compiled language
Abstract

A fuzzy (hashing) or approximate fingerprint of binary software is a digest that captures its static content, in similar manner to cryptographic hashing fingerprints such as MD5 and SHA1. Still, the fuzzy fingerprint change is virtually linear to the change in the binary content. In other words, smaller changes in the static content of the malware will cause a minor change in the computed fuzzy fingerprint. In the context of cybersecurity, this is an important property that helps in detecting polymorphic malware attacks. Current fuzzy fingerprints such as ssdeep (https://ssdeep-project.github.io/ssdeep/index.html) are computed for the app binary as a whole, which makes them less effective for detecting malicious app variations. This problem gets complicated in the case of Android OS due to the apps packaging structure, which contains not only the actual compiled code but also other content such as media files. To overcome this limitation, we propose an effective and broad fuzzy fingerprint that captures not only binary features but also the underneath structure and semantics of the APK package.

Published
2021

32. Android Malware Detection Using Static Features and Machine Learning

Author

Djedjiga Mouheb and Ali Al Zaabi

Subjects
business.industry, Computer science, 05 social sciences, Decision tree, 050801 communication & media studies, computer.software_genre, Machine learning, Random forest, 0508 media and communications, Android malware, 0502 economics and business, Malware, 050211 marketing, Artificial intelligence, Android (operating system), business, computer
Abstract

Smartphones are prone to cyber-attacks using malware applications, this can compromise the security of the phone thus affecting the privacy of any personal or financial information. Machine learning has proven to work in various fields including security. In this paper we propose a machine learning for android malware detection where the main focus is to use various static features of Android Application Package (APK). Features such as permissions, API calls, services, opcodes, and activities to train different machine learning models to classify an APK file as malware or benign. We found among the experimented machine learning models, we found that the Gaussian Process showed the most promising results followed by Random Forest and Decision Trees.

Published
2020

33. Identifying Reused Functions in Binary Code

Author

Lingyu Wang, Amr M. Youssef, Lina Nouh, He Huang, Saed Alrabaee, Paria Shirani, Mourad Debbabi, Djedjiga Mouheb, Aiman Hanna, and Ashkan Rahimian

Subjects
Reverse engineering, Theoretical computer science, business.industry, Computer science, Binary number, computer.software_genre, Data structure, Graph, Software, Malware, Control flow graph, Binary code, business, computer
Abstract

Discovering reused binary functions is crucial for many security applications, especially considering the fact that many modern malware typically contain a significant amount of functions borrowed from open-source software packages. This process will not only reduce the odds of common libraries leading to false correlations between unrelated code bases but also improve the efficiency of reverse engineering. We introduce a system for fingerprinting reused functions in binary code. More specifically, we introduce a new representation, namely, the semantic integrated graph (SIG), which integrates control flow graph, register flow graph, function-call graph, and other structural information, into a joint data structure. Such a comprehensive representation captures different semantic descriptors of common functionalities in a unified manner as graph traces of SIG graphs.

Published
2020

34. Binary Code Fingerprinting for Cybersecurity

Author

Lingyu Wang, Saed Alrabaee, Amr M. Youssef, Djedjiga Mouheb, Lina Nouh, Mourad Debbabi, Paria Shirani, Ashkan Rahimian, Aiman Hanna, and He Huang

Subjects
Programming language, Computer science, Code (cryptography), Binary code, computer.software_genre, computer
Published
2020

35. Clone Detection

Author

Saed Alrabaee, Mourad Debbabi, Paria Shirani, Lingyu Wang, Amr Youssef, Ashkan Rahimian, Lina Nouh, Djedjiga Mouheb, He Huang, and Aiman Hanna

Published
2020

36. Authorship Attribution

Author

Saed Alrabaee, Mourad Debbabi, Paria Shirani, Lingyu Wang, Amr Youssef, Ashkan Rahimian, Lina Nouh, Djedjiga Mouheb, He Huang, and Aiman Hanna

Published
2020

37. Introduction

Author

Saed Alrabaee, Mourad Debbabi, Paria Shirani, Lingyu Wang, Amr Youssef, Ashkan Rahimian, Lina Nouh, Djedjiga Mouheb, He Huang, and Aiman Hanna

Published
2020

38. Library Function Identification

Author

Aiman Hanna, Djedjiga Mouheb, Lina Nouh, He Huang, Ashkan Rahimian, Paria Shirani, Amr M. Youssef, Lingyu Wang, Saed Alrabaee, and Mourad Debbabi

Subjects
Reverse engineering, Computer science, business.industry, media_common.quotation_subject, computer.software_genre, Automation, Identification (information), Software, Vulnerability assessment, Code (cryptography), Data mining, Malware analysis, Function (engineering), business, computer, media_common
Abstract

Program binaries typically contain a significant amount of library functions taken from standard libraries or free open-source software packages. Automatically identifying such library functions not only enhances the quality and efficiency of threat analysis and reverse engineering tasks, but also improves their accuracy by avoiding false correlations between irrelevant code bases. Furthermore, such automation has a strong positive impact in other applications such as clone detection, function fingerprinting, authorship attribution, vulnerability analysis, and malware analysis.

Published
2020

39. Function Fingerprinting

Author

Saed Alrabaee, Mourad Debbabi, Paria Shirani, Lingyu Wang, Amr Youssef, Ashkan Rahimian, Lina Nouh, Djedjiga Mouheb, He Huang, and Aiman Hanna

Published
2020

40. Free Open-Source Software Fingerprinting

Author

He Huang, Lingyu Wang, Aiman Hanna, Djedjiga Mouheb, Paria Shirani, Amr M. Youssef, Lina Nouh, Saed Alrabaee, Ashkan Rahimian, and Mourad Debbabi

Subjects
Source code, Computer science, business.industry, media_common.quotation_subject, Fingerprint (computing), Digital forensics, computer.software_genre, Software license, Obfuscation (software), Software, Code refactoring, Malware, Software engineering, business, computer, media_common
Abstract

This chapter presents an approach to fingerprint free open-source software (FOSS) packages. FOSS package identification is crucial for several important security applications, e.g., digital forensics, software license infringement, and malware detection. However, existing function identification approaches are insufficient for this purpose due to various challenges in applying practical methods of data mining and database searching, especially when the source code is inaccessible. Moreover, the task of automated detection of FOSS packages becomes more complicated with the introduction of obfuscation techniques, the use of different compilers and compilation settings, and software refactoring techniques.

Published
2020

41. Conclusion

Author

Saed Alrabaee, Mourad Debbabi, Paria Shirani, Lingyu Wang, Amr Youssef, Ashkan Rahimian, Lina Nouh, Djedjiga Mouheb, He Huang, and Aiman Hanna

Published
2020

42. Binary Analysis Overview

Author

Aiman Hanna, Lina Nouh, Mourad Debbabi, Ashkan Rahimian, Djedjiga Mouheb, Amr M. Youssef, He Huang, Lingyu Wang, Saed Alrabaee, and Paria Shirani

Subjects
Reverse engineering, Information retrieval, Source code, Computer science, Process (engineering), media_common.quotation_subject, Digital forensics, Software license, computer.software_genre, Data flow diagram, Malware, Binary code, computer, media_common
Abstract

When the source code is unavailable, it is important for security applications, such as malware detection, software license infringement, vulnerability analysis, and digital forensics to be able to efficiently extract meaningful fingerprints from the binary code. Such fingerprints will enhance the effectiveness and efficiency of reverse engineering tasks as they can provide a range of insights into the program binaries. However, a great deal of important information will likely be lost during the compilation process, including variable and function names, the original control and data flow structures, comments, and layout. In this chapter, we provide a comprehensive review of existing binary code fingerprinting frameworks. As such, we systematize the study of binary code fingerprints based on the most important dimensions: the applications that motivate it, the approaches used and their implementations, the specific aspects of the fingerprinting framework, and how the results are evaluated.

Published
2020

43. Compiler Provenance Attribution

Author

Saed Alrabaee, Lina Nouh, Aiman Hanna, Mourad Debbabi, Lingyu Wang, Djedjiga Mouheb, He Huang, Paria Shirani, Ashkan Rahimian, and Amr M. Youssef

Subjects
Reverse engineering, Identification (information), Syntax (programming languages), Semantics (computer science), Computer science, Programming language, Component (UML), Compiler, Malware analysis, computer.software_genre, computer, Toolchain
Abstract

Compiler identification is an essential component of binary toolchain analysis with a multitude of applications in reverse engineering and malware analysis. Security investigators and cyber incident responders are often tasked with the analysis and attribution of binary files obtained from malicious campaigns which need to be inspected quickly and reliably. Such binaries can be a source of intelligence on adversary tactics, techniques, and procedures. Compiler provenance information can aid binary analysis by uncovering fingerprints of the development environment and related libraries, leading to an accelerated analysis. In this chapter, we present BinComp, which provides a practical approach for analyzing the syntax, structure, and semantics of disassembled functions to extract compiler provenance.

Published
2020

44. MalDozer: Automatic framework for android malware detection using deep learning

Author

Mourad Debbabi, Djedjiga Mouheb, ElMouatez Billah Karbab, and Abdelouahid Derhab

Subjects
Computer science, business.industry, Deep learning, 020206 networking & telecommunications, 02 engineering and technology, computer.software_genre, Computer security, Popularity, Computer Science Applications, Medical Laboratory Technology, Android malware, Server, 0202 electrical engineering, electronic engineering, information engineering, Malware, 020201 artificial intelligence & image processing, Artificial intelligence, False positive rate, Internet of Things, business, Law, computer
Abstract

Android OS experiences a blazing popularity since the last few years. This predominant platform has established itself not only in the mobile world but also in the Internet of Things (IoT) devices. This popularity, however, comes at the expense of security, as it has become a tempting target of malicious apps. Hence, there is an increasing need for sophisticated, automatic, and portable malware detection solutions. In this paper, we propose MalDozer, an automatic Android malware detection and family attribution framework that relies on sequences classification using deep learning techniques. Starting from the raw sequence of the app's API method calls, MalDozer automatically extracts and learns the malicious and the benign patterns from the actual samples to detect Android malware. MalDozer can serve as a ubiquitous malware detection system that is not only deployed on servers, but also on mobile and even IoT devices. We evaluate MalDozer on multiple Android malware datasets ranging from 1 K to 33 K malware apps, and 38 K benign apps. The results show that MalDozer can correctly detect malware and attribute them to their actual families with an F1-Score of 96%–99% and a false positive rate of 0.06%–2%, under all tested datasets and settings.

Published
2018

45. Real-Time Detection of Cyberbullying in Arabic Twitter Streams

Author

Ibrahim Kamel, Maya Hilal Abushamleh, Zaher Al Aghbari, Djedjiga Mouheb, and Masa Hilal Abushamleh

Subjects
Focus (computing), Computer science, business.industry, Arabic, Internet privacy, 02 engineering and technology, English language, language.human_language, Suicide thoughts, Cybercrime, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, language, 020201 artificial intelligence & image processing, Relevance (information retrieval), Set (psychology), business, Psychological abuse
Abstract

Cyberbullying is a form of psychological abuse, which is very dangerous as the victims of cyberbullying, especially children and teenagers, suffer from many mental issues that could lead to suicide thoughts. Cyberbullying is also becoming a significant issue in the Middle East. Existing contributions for cyberbullying detection focus mainly on English language. This paper presents an approach to detect cyberbullying in Arabic Twitter streams in real-time. In addition, it classifies the bullying messages based on their strength. In case a cyberbullying message is detected, the system notifies the user and proposes a set of actions to take based on the strength of the bullying message. We demonstrate the relevance of the proposed approach by showing how it could be used by a parent to monitor his kids' activities and get notified in case a suspicious activity is detected. The experiments show that the proposed system was able to effectively identify the cyberbullying messages in near real-time.

Published
2019

46. Cybersecurity Curriculum Design: A Survey

Author

Sohail Abbas, Madjid Merabti, and Djedjiga Mouheb

Subjects
medicine.anatomical_structure, ComputingMilieux_THECOMPUTINGPROFESSION, Multidisciplinary approach, Political science, ComputingMilieux_COMPUTERSANDEDUCATION, medicine, Globe, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Computer security, computer.software_genre, Curriculum, computer
Abstract

The threat of cyber attacks continue to grow with the increasing number of sophisticated and successful targeted cyber attacks throughout the globe. To address this issue, there is a dire need for cybersecurity professionals with adequate motivation and skills to prevent, detect, respond, or even mitigate the effect of such threats. To this end, several cybersecurity educational programs and concentrations have been established over the past years both at the graduate and undergraduate levels. Moreover, a number of initiatives taken by the government standard bodies in the cybersecurity domain have emerged to help in framing cybersecurity education. Due to the interdisciplinary (and sometimes multidisciplinary) nature of cybersecurity, educational institutions face many issues when designing a cybersecurity curriculum. In this context, we believe that there is a desideratum to provide a big picture of the overall efforts done so far in the direction of cybersecurity curriculum design. In this paper, we present an overview and comparison of existing curriculum design approaches for cybersecurity education. This survey will help the researchers and educators to have an overview of the existing approaches for the purpose of developing a suitable and more effective cybersecurity curriculum in their future endeavour.

Published
2019

47. Fingerprinting Android packaging: Generating DNAs for malware detection

Author

ElMouatez Billah Karbab, Mourad Debbabi, and Djedjiga Mouheb

Subjects
Fuzzy hashing, Computer science, Hash function, 020207 software engineering, 02 engineering and technology, computer.software_genre, Computer security, Malware, Mobile, Computer Science Applications, Detection, Medical Laboratory Technology, Android, 020204 information systems, Android malware, 0202 electrical engineering, electronic engineering, information engineering, Android (operating system), Fingerprinting, computer, Family attribution, Law
Abstract

Android's market experienced exponential popularity during the last few years. This blazing growth has, unfortunately, opened the door to thousands of malicious applications targeting Android devices everyday. Moreover, with the increasing sophistication of today's malware, the use of traditional hashing techniques for Android malware fingerprinting becomes defenseless against polymorphic malicious applications. Inspired by fuzzy hashing techniques, we propose, in this paper, a novel and comprehensive fingerprinting approach for Android packaging APK. The proposed fingerprint captures, not only the binary features of the APK file, but also the underlying structure of the app. Furthermore, we leverage this fingerprinting technique to build ROAR, an automatic system for Android malware detection and family attribution. Our experiments show that the proposed fingerprint and the ROAR system achieve a precision of 95%.

Published
2016
Full Text
View/download PDF

48. Scalable and robust unsupervised android malware fingerprinting using community-based network partitioning

Author

Abdelouahid Derhab, Mourad Debbabi, ElMouatez Billah Karbab, and Djedjiga Mouheb

Subjects
Community based, General Computer Science, Computer science, business.industry, 020206 networking & telecommunications, 02 engineering and technology, computer.software_genre, Machine learning, Mobile malware, Android malware, Scalability, 0202 electrical engineering, electronic engineering, information engineering, Malware, 020201 artificial intelligence & image processing, Artificial intelligence, Android (operating system), business, Law, computer
Abstract

The daily amount of Android malicious applications (apps) targeting the app repositories is increasing, and their number is overwhelming the process of fingerprinting. To address this issue, we propose an enhanced Cypider framework, a set of techniques and tools aiming to perform a systematic detection of mobile malware by building a scalable and obfuscation resilient similarity network infrastructure of malicious apps. Our approach is based on our proposed concept, namely malicious community, in which we consider malicious instances that share common features are the most likely part of the same malware family. Using this concept, we presumably assume that multiple similar Android apps with different authors are most likely to be malicious. Specifically, Cypider leverages this assumption for the detection of variants of known malware families and zero-day malicious apps. Cypider applies community detection algorithms on the similarity network, which extracts sub-graphs considered as suspicious and possibly malicious communities. Furthermore, we propose a novel fingerprinting technique, namely community fingerprint, based on a one-class machine learning model for each malicious community. Besides, we proposed an enhanced Cypider framework, which requires less memory, ≈ x650%, and less time to build the similarity network, ≈ x700, compared to the original version, without affecting the fingerprinting performance of the framework. We introduce a systematic approach to locate the best threshold on different feature content vectors, which simplifies the overall detection process. Cypider shows excellent results by detecting 60 % − 80 % coverage of the malware dataset in one detection iteration with higher precision 85 % − 99 % in the detected malicious communities. On the other hand, the community fingerprints are promising as we achieved 86%, 93%, and 94% in the detection of the malware family, general malware, and benign apps respectively.

Published
2020

49. Detection of Bots in Social Media: A Systematic Review

Author

Zaher Al Aghbari, Mariam Orabi, Ibrahim Kamel, and Djedjiga Mouheb

Subjects
Computer science, business.industry, Integrated systems, 02 engineering and technology, Library and Information Sciences, Management Science and Operations Research, Public opinion, Data science, Computer Science Applications, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Media Technology, 020201 artificial intelligence & image processing, Social media, business, Information Systems
Abstract

Social media bots (automated accounts) attacks are organized crimes that pose potential threats to public opinion, democracy, public health, stock market and other disciplines. While researchers are building many models to detect social media bot accounts, attackers, on the other hand, evolve their bots to evade detection. This everlasting cat and mouse game makes this field vibrant and demands continuous development. To guide and enhance future solutions, this work provides an overview of social media bots attacks, current detection methods and challenges in this area. To the best of our knowledge, this paper is the first systematic review based on a predefined search strategy, which includes literature concerned about social media bots detection methods, published between 2010 and 2019. The results of this review include a refined taxonomy of detection methods, a highlight of the techniques used to detect bots in social media and a comparison between current detection methods. Some of the gaps identified by this work are: the literature mostly focus on Twitter platform only and rarely use methods other than supervised machine learning, most of the public datasets are not accurate or large enough, integrated systems and real-time detection are required, and efforts to spread awareness are needed to arm legitimate users with knowledge.

Published
2020

50. Detection of Offensive Messages in Arabic Social Media Communications

Author

Shaheen Al Qaraghuli, Zaher Al Aghbari, Rutana Ismail, Ibrahim Kamel, and Djedjiga Mouheb

Subjects
Scheme (programming language), Arabic, Computer science, business.industry, media_common.quotation_subject, Internet privacy, Offensive, Context (language use), 02 engineering and technology, Popularity, language.human_language, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, language, 020201 artificial intelligence & image processing, Social media, Function (engineering), business, computer, Mobile device, media_common, computer.programming_language
Abstract

The popularity of social networks, such as Facebook, Twitter and Instagram, has dramatically increased during the last years, especially with the exponential growth in smartphones and mobile devices. This has, in turn, opened the door to numerous cyber threats specifically targeting social media users. Cyberbullying is an example of such threat impacting children, teenagers and young adults. Recently, this threat has also become a significant issue in the Arab world, especially with the wide adoption of social media by the young generation. Unfortunately, most existing research contributions detect cyberbullying in English language. These contributions are not relevant in our context due to the differences in the culture and the environment surrounding the users. This paper proposes a scheme for the detection of cyberbullying in Arabic social media streams. The proposed scheme detects cyberbullying comments based on a corpus of bullying and aggressive keywords. In addition, the bullying comments are classified according to their strength into three classes, namely mild, medium, and strong, using a weighted function. We evaluate the proposed scheme using real dataset, collected from Youtube and Twitter. The experiments show that the proposed scheme can accurately identify most of the bullying comments.

Published
2018

Catalog

Books, media, physical & digital resources
See catalog results