Search

Your search keyword '"Rossilawati Sulaiman"' showing total 50 results
Start Over Author "Rossilawati Sulaiman"
50 results on '"Rossilawati Sulaiman"'

1. An Explainable Ensemble Deep Learning Approach for Intrusion Detection in Industrial Internet of Things

Author

Mousa'B Mohammad Shtayat, Mohammad Kamrul Hasan, Rossilawati Sulaiman, Shayla Islam, and Atta Ur Rehman Khan

Subjects
Explanation AI (XAI), intrusion detection systems (IDS), SHapley additive explanations (SHAP), local comprehensible model-independent clarifications (LIME), ensemble learning, CNN, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
Abstract

Ensuring the security of critical Industrial Internet of Things (IIoT) systems is of utmost importance, with a primary focus on identifying cyber-attacks using Intrusion Detection Systems (IDS). Deep learning (DL) techniques are frequently utilized in the anomaly detection components of IDSs. However, these models often generate high false-positive rates, and their decision-making rationale remains opaque, even to experts. Gaining insights into the reasons behind an IDS’s decision to block a specific packet can aid cybersecurity professionals in assessing the system’s effectiveness and creating more cyber-resilient solutions. In this paper, we offer an explainable ensemble DL-based IDS to improve the transparency and robustness of DL-based IDSs in IIoT networks. The framework incorporates Shapley additive explanations (SHAP) and Local comprehensible-independent Clarifications (LIME) methods to elucidate the decisions made by DL-based IDSs, providing valuable insights to experts responsible for maintaining IIoT network security and developing more cyber-resilient systems. The ToN_IoT dataset was used to evaluate the efficacy of the suggested framework. As a baseline intrusion detection system, the extreme learning machines (ELM) model was implemented and compared with other models. Experiments show the effectiveness of ensemble learning to improve the results.

Published
2023
Full Text
View/download PDF

2. Social Engineering Attacks Prevention: A Systematic Literature Review

Author

Wenni Syafitri, Zarina Shukur, Umi Asma' Mokhtar, Rossilawati Sulaiman, and Muhammad Azwan Ibrahim

Subjects
Social engineering attacks prevention, systematic literature review, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
Abstract

Social engineering is an attack on information security for accessing systems or networks. Social engineering attacks occur when victims do not recognize methods, models, and frameworks to prevent them. The current research explains user studies, constructs, evaluation, concepts, frameworks, models, and methods to prevent social engineering attacks. Unfortunately, there is no specific previous research on preventing social engineering attacks that effectively and systematically analyze it. Current prevention methods, models, and frameworks of social engineering attacks include health campaigns, human as security sensor frameworks, user-centric frameworks, and user vulnerability models. The human as a security sensor framework needs guidance that will explore cybersecurity as super-recognizers, likely policing act for a secure system. This paper intends to critically and rigorously review prior literature on the prevention methods, models, and frameworks of social engineering attacks. We conducted a systematic literature review based on Bryman & Bell’s literature review method. We found a new approach in addition to methods, frameworks, models and evaluations to prevent social engineering attacks based on our review, which is using a protocol. We found the protocol to effectively prevent social engineering attacks, such as health campaigns, the vulnerability of social engineering victims, and co-utile protocol, which can manage information sharing on a social network. We present this systematic literature review to recommend ways to prevent social engineering attacks.

Published
2022
Full Text
View/download PDF

3. Lightweight Encryption Technique to Enhance Medical Image Security on Internet of Medical Things Applications

Author

Mohammad Kamrul Hasan, Shayla Islam, Rossilawati Sulaiman, Sheroz Khan, Aisha-Hassan Abdalla Hashim, Shabana Habib, Mohammad Islam, Saleh Alyahya, Musse Mohamed Ahmed, Samar Kamil, and Md Arif Hassan

Subjects
Internet of Medical Things, medical image encryption, lightweight encryption, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
Abstract

The importance of image security in the field of medical imaging is challenging. Several research works have been conducted to secure medical healthcare images. Encryption, not risking loss of data, is the right solution for image confidentiality. Due to data size limitations, redundancy, and capacity, traditional encryption techniques cannot be applied directly to e-health data, especially when patient data are transferred over the open channels. Therefore, patients may lose the privacy of data contents since images are different from the text because of their two particular factors of loss of data and confidentiality. Researchers have identified such security threats and have proposed several image encryption techniques to mitigate the security problem. However, the study has found that the existing proposed techniques still face application-specific several security problems. Therefore, this paper presents an efficient, lightweight encryption algorithm to develop a secure image encryption technique for the healthcare industry. The proposed lightweight encryption technique employs two permutation techniques to secure medical images. The proposed technique is analyzed, evaluated, and then compared to conventionally encrypted ones in security and execution time. Numerous test images have been used to determine the performance of the proposed algorithm. Several experiments show that the proposed algorithm for image cryptosystems provides better efficiency than conventional techniques.

Published
2021
Full Text
View/download PDF

4. A Review on Text Steganography Techniques

Author

Mohammed Abdul Majeed, Rossilawati Sulaiman, Zarina Shukur, and Mohammad Kamrul Hasan

Subjects
text steganography, data hiding, format-based, linguistic, random and statistic, Mathematics, QA1-939
Abstract

There has been a persistent requirement for safeguarding documents and the data they contain, either in printed or electronic form. This is because the fabrication and faking of documents is prevalent globally, resulting in significant losses for individuals, societies, and industrial sectors, in addition to national security. Therefore, individuals are concerned about protecting their work and avoiding these unlawful actions. Different techniques, such as steganography, cryptography, and coding, have been deployed to protect valuable information. Steganography is an appropriate method, in which the user is able to conceal a message inside another message (cover media). Most of the research on steganography utilizes cover media, such as videos, images, and sounds. Notably, text steganography is usually not given priority because of the difficulties in identifying redundant bits in a text file. To embed information within a document, its attributes must be changed. These attributes may be non-displayed characters, spaces, resized fonts, or purposeful misspellings scattered throughout the text. However, this would be detectable by an attacker or other third party because of the minor change in the document. To address this issue, it is necessary to change the document in such a manner that the change would not be visible to the eye, but could still be decoded using a computer. In this paper, an overview of existing research in this area is provided. First, we provide basic information about text steganography and its general procedure. Next, three classes of text steganography are explained: statistical and random generation, format-based methodologies, and linguistics. The techniques related to each class are analyzed, and particularly the manner in which a unique strategy is provided for hiding secret data. Furthermore, we review the existing works in the development of approaches and algorithms related to text steganography; this review is not exhaustive, and covers research published from 2016 to 2021. This paper aims to assist fellow researchers by compiling the current methods, challenges, and future directions in this field.

Published
2021
Full Text
View/download PDF

5. A Conceptual and Systematics for Intelligent Power Management System-Based Cloud Computing: Prospects, and Challenges

Author

Ahmed Hadi Ali AL-Jumaili, Yousif I. Al Mashhadany, Rossilawati Sulaiman, and Zaid Abdi Alkareem Alyasseri

Subjects
power management, state of charge, battery aging, dc-device, power consumption, renewable energy, Technology, Engineering (General). Civil engineering (General), TA1-2040, Biology (General), QH301-705.5, Physics, QC1-999, Chemistry, QD1-999
Abstract

This review describes a cloud-based intelligent power management system that uses analytics as a control signal and processes balance achievement pointer, and describes operator acknowledgments that must be shared quickly, accurately, and safely. The current study aims to introduce a conceptual and systematic structure with three main components: demand power (direct current (DC)-device), power mix between renewable energy (RE) and other power sources, and a cloud-based power optimization intelligent system. These methods and techniques monitor demand power (DC-device), load, and power mix between RE and other power sources. Cloud-based power optimization intelligent systems lead to an optimal power distribution solution that reduces power consumption or costs. Data has been collected from reliable sources such as Science Direct, IEEE Xplore, Scopus, Web of Science, Google Scholar, and PubMed. The overall findings of these studies are visually explained in the proposed conceptual framework through the literature that are considered to be cloud computing based on storing and running the intelligent systems of power management and mixing.

Published
2021
Full Text
View/download PDF

11. VARIANTS OF NEURAL NETWORKS: A REVIEW

Author

Bahera Hani Nayef, Siti Norul Huda Sheikh Abdullah, Rossilawati Sulaiman, and Zaid Abdi Al Kareem Alyasseri

Subjects
General Computer Science
Abstract

Machine learning (ML) techniques are part of artificial intelligence. ML involves imitating human behavior in solving different problems, such as object detection, text handwriting recognition, and image classification. Several techniques can be used in machine learning, such as Neural Networks (NN). The expansion in information technology enables researchers to collect large amounts of various data types. The challenging issue is to uncover neural network parameters suitable for object detection problems. Therefore, this paper presents a literature review of the latest proposed and developed components in neural network techniques to cope with different sizes and data types. A brief discussion is also introduced to demonstrate the different types of neural network parameters, such as activation functions, loss functions, and regularization methods. Moreover, this paper also uncovers parameter optimization methods and hyperparameters of the model, such as weight, the learning rate, and the number of iterations. From the literature, it is notable that choosing the activation function, loss function, number of neural network layers, and data size is the major factor affecting NN performance. Additionally, utilizing deep learning NN resulted in a significant improvement in model performance for a variety of issues, which became the researcher's attention.

Published
2022

13. Optimized leaky ReLU for handwritten Arabic character recognition using convolution neural networks

Author

Rossilawati Sulaiman, Bahera H. Nayef, Siti Norul Huda Sheikh Abdullah, and Zaid Abdi Alkareem Alyasseri

Subjects
Artificial neural network, Computer Networks and Communications, business.industry, Computer science, Deep learning, Activation function, Normalization (image processing), Pattern recognition, Filter (signal processing), Convolutional neural network, Convolution, Hardware and Architecture, Media Technology, Artificial intelligence, business, Software, MNIST database
Abstract

Object classification, such as handwritten Arabic character recognition, is a computer vision application. Deep learning techniques such as convolutional neural networks (CNNs) are employed in character recognition to overcome the processing complexity with traditional methods. Usually, a CNN is followed by an activation function such as a rectified linear unit (ReLU) or leaky ReLU to filter the extracted features. Most handwritten character recognition endures an imbalanced number of positive and negative vectors. This issue decreases CNN performance when adopting ReLU and leaky ReLU for the next deep layers in the architecture. Hence, this study proposed an optimized leaky ReLU to retain more negative vectors using a CNN architecture with a batch normalization layer to address this weakness. To evaluate the proposed method, four datasets are used: Arabic Handwritten Characters Dataset (AHCD), self-collected, Modified National Institute of Standards and Technology (MNIST), and AlexU Isolated Alphabet (AIA9K). The proposed method shows significant performance in terms of accuracy, precision, and recall measures compared to the state-of-art methods. The results showed outstanding improvement over the known leaky ReLU as follows: 99% for AHCD, 95.4% for self-collected data, 90% for HIJJA dataset and 99% for Digit MNIST. The proposed CNN architecture with the proposed optimized leaky ReLU showed a stable accuracy performance and error rates between the training, validation, and testing phases. This indicates that most samples are trained and classified correctly.

Published
2021

21. Machine Learning-Based Technique to Detect SQL Injection Attack

Author

Muhammad Amirulluqman Azman, Mohd Fadzli Marhusin, and Rossilawati Sulaiman

Subjects
Training set, Computer Networks and Communications, business.industry, Computer science, Detector, Data theft, Machine learning, computer.software_genre, Knowledge base, Artificial Intelligence, SQL injection, Test set, Artificial intelligence, business, computer, Software, Statistic, Test data
Abstract

Lack of secure codes implemented in the web apps will lead to cyber-attack because of vulnerabilities. The statistic shows that highest record on the data theft related cyber-attacks are through the SQL injection technique. Hence, an effective SQL injection detection is needed in any web system to combat this threat. In this research, machine learning technique is used where training is provided to the SQL injection detector using a training data and then is evaluated against a testing data. The research relies on the preparation of the training and testing datasets. Training sets are used by the detector to establish the knowledge base and the test set is used to evaluate the performance of the detector. The result of the detection shows that the proposed technique produces high accuracy in recognizing malicious and benign web requests.

Published
2021

23. A Conceptual and Systematics for Intelligent Power Management System-Based Cloud Computing: Prospects, and Challenges

Author

Rossilawati Sulaiman, Yousif I. Al Mashhadany, Zaid Abdi Alkareem Alyasseri, and Ahmed Hadi Ali AL-Jumaili

Subjects
Power management, Technology, Computer science, QH301-705.5, QC1-999, Cloud computing, General Materials Science, battery aging, Biology (General), Instrumentation, dc-device, QD1-999, Power management system, Fluid Flow and Transfer Processes, business.industry, Process Chemistry and Technology, Physics, General Engineering, Intelligent decision support system, power consumption, state of charge, Engineering (General). Civil engineering (General), renewable energy, Computer Science Applications, Power optimization, Renewable energy, Chemistry, Conceptual framework, Analytics, Systems engineering, power management, TA1-2040, business
Abstract

This review describes a cloud-based intelligent power management system that uses analytics as a control signal and processes balance achievement pointer, and describes operator acknowledgments that must be shared quickly, accurately, and safely. The current study aims to introduce a conceptual and systematic structure with three main components: demand power (direct current (DC)-device), power mix between renewable energy (RE) and other power sources, and a cloud-based power optimization intelligent system. These methods and techniques monitor demand power (DC-device), load, and power mix between RE and other power sources. Cloud-based power optimization intelligent systems lead to an optimal power distribution solution that reduces power consumption or costs. Data has been collected from reliable sources such as Science Direct, IEEE Xplore, Scopus, Web of Science, Google Scholar, and PubMed. The overall findings of these studies are visually explained in the proposed conceptual framework through the literature that are considered to be cloud computing based on storing and running the intelligent systems of power management and mixing.

Published
2021

24. A Review of Modern DNA-based Steganography Approaches

Author

Rossilawati Sulaiman, Omar Haitham Alhabeeb, and Fariza Fauzi

Subjects
Information sensitivity, Theoretical computer science, General Computer Science, Steganography, Computer science, Data structure, Field (computer science), Randomness, Image (mathematics), Domain (software engineering), Communication channel
Abstract

In the last two decades, the field of DNA-based steganography has emerged as a promising domain to provide security for sensitive information transmitted over an untrusted channel. DNA is strongly nominated by researchers in this field to exceed other data covering mediums like video, image, and text due to its structural characteristics. Features like enormous hiding capacity, high computational power, and the randomness of its building contents, all sustained to prove DNA supremacy. There are mainly three types of DNA-based algorithms. These are insertion, substitution, and complementary rule-based algorithms. In the last few years, a new generation of DNA-based steganography approaches has been proposed by researchers. These modern algorithms overpass the performance of the old ones either by exploiting a biological factor that exists in the DNA itself or by using a suitable technique available in another field of computer science like artificial intelligence, data structure, networking, etc. The main goal of this paper is to thoroughly analyze these modern DNA-based steganography approaches. This will be achieved by explaining their working mechanisms, stating their pros and cons, and proposing suggestions to improve these methods. Additionally, a biological background about DNA structure, the main security parameters, and classical concealing approaches will be illustrated to give a comprehensive picture of the field.

Published
2021

25. High-Security Image Steganography Technique using XNOR Operation and Fibonacci Algorithm

Author

Faizan Qamar, Ali Abdulzahra Almayyahi, Rossilawati Sulaiman, and Abdulwahhab Essa Hamzah

Subjects
Fibonacci number, General Computer Science, Computer science, Data security, 020207 software engineering, 02 engineering and technology, Huffman coding, Image (mathematics), symbols.namesake, Least significant bit, XNOR gate, 0202 electrical engineering, electronic engineering, information engineering, symbols, Embedding, 020201 artificial intelligence & image processing, Algorithm
Abstract

Since the number of internet users is increasing and sensitive information is exchanging continuously, data security has become a problem. Image steganography is one of the ways to exchange secret data securely using images. However, several issues need to be mitigated, especially in the imperceptibility (security) aspect, which is the process of embedding secret data in the images that can be vulnerable to attacks. This paper focuses on developing a secure method for hiding secret messages in an image, based on the standard Least Significant Bit (LSB). Before proceeding with the embedding stage, the secret message's size is reduced by compression using the Huffman algorithm, followed by two operations, which are the Boolean operation Exclusive-NOR (XNOR) operation and the Fibonacci algorithm when selecting pixels to embed the secret message. As a result of these processes, a stego-image is created with two secret keys. We obtained promising results against standard images with higher Peak Signal-to-Noise Ratio (PSNR) values of 66.6170, 65.8928, and 65.9386 dB for Lena.bmp, Baboon.bmp, and Pepper.bmp, respectively, as compared to other state-of-the-art schemes. The evaluation stage proves the increasing level of security as well as imperceptibility.

Published
2020

26. Issues and Trends in Information Security Policy Compliance

Author

Umi Asma’ Mokhtar, Surayahani Hasnul Bhaharin, Rossilawati Sulaiman, and Maryati Mohd. Yusof

Subjects
Risk analysis (engineering), business.industry, Information and Communications Technology, Best practice, Human error, Information leakage, Social media, The Internet, Information governance, Information security, business
Abstract

In the era of Industry 4.0 (IR 4.0), information leakage has become a critical issue for information security. The basic approach to addressing information leakage threats is to implement an information security policy (ISP) that defines the standards, boundaries, and responsibilities of users of information and technology of an organization. ISPs are one of the most commonly used methods for controlling internal user security behaviours, which include, but not limited to, computer usage ethics; organizational system usage policies; Internet and email usage policies; and the use of social media. Human error is the main security threat to information security, resulting from negligence, ignorance, and failure to adhere to organizational information security policies. Information security incidents are a problem related to human behaviour because technology is designed and operated by humans, presenting the opportunities and spaces for human error. In addition to the factor of human error as the main source of information leakage, this study aims to systematically analyse the fundamental issues of information security policy compliance. An analysis of these papers identifies and categories critical factor that effect an employee’s attitude toward compliance with ISP. The human, process, technology element and information governance should be thought as a significant scope for more efficiency of information security policy compliance and in any further extensive studies to improve on information security policy compliance. Therefore, to ensure these are properly understood, further study is needed to identity the information governance that needs to be included in organizations and current best practices for developing an information security policy compliance within organizations.

Published
2019

27. JPEG image classification in digital forensic via DCT coefficient analysis

Author

Nadeem Alherbawi, Rossilawati Sulaiman, and Zarina Shukur

Subjects
Carving, Computer Networks and Communications, business.industry, Computer science, Digital forensics, ComputingMethodologies_IMAGEPROCESSINGANDCOMPUTERVISION, 020207 software engineering, 02 engineering and technology, computer.file_format, JPEG, Dct coefficient, Hardware and Architecture, JPEG 2000, 0202 electrical engineering, electronic engineering, information engineering, Media Technology, 020201 artificial intelligence & image processing, Computer vision, Artificial intelligence, business, Quantization (image processing), Lossless JPEG, computer, Software
Abstract

From the digital forensics point of view, image forgery is considered as evidence that could provide a major breakthrough in the investigation process. Additionally, the development of storage device technologies has increased storage space significantly. Thus a digital investigator can be overwhelmed by the amount of data on storage devices that needs to be analysed. In this paper, we propose a model for classifying bulk JPEG images produced by the data carving process or other means into three different classes to solve the problem of identifying forgery quickly and effectively. The first class is JPEG images that contain errors or corrupted data, the second class is JPEG images that contain forged regions, and the third is JPEG images that have no signs of corruption or forgery. To test the proposed model, some experiments were conducted on our own dataset in addition to CASIA V2 image forgery dataset. The experiments covered different types of forgery technique. The results yielded around 88% accuracy rate in the classification process using five different machine learning methods on CASIA V2 dataset. It can be concluded that the proposed model can help investigators to automatically classify JPEG images, which reduce the time needed in the overall digital investigation process.

Published
2017

28. Instrumenting API Hooking for a Realtime Dynamic Analysis

Author

Rossilawati Sulaiman, Mohd Fadzli Marhusin, and A F Salah Mohammed

Subjects
Computer science, Operating system, Malware, Instrumentation (computer programming), Executable, computer.file_format, computer.software_genre, computer, Hooking, Portable Executable
Abstract

There are various approaches to detect malware. Among them is via dynamic analysis which is a very essential technique capable of detecting unknown malware. The dynamic analysis monitors the behaviour of the executable by providing its execution behaviour information. Since the complexity of the malware is increasing, it is important to monitor the malware and study how malware behaves to help in detecting it. In this paper, we highlighted the instrumentation technique to observe behaviour of Portable Executable execution. We briefly explored some of the related works. We discussed about dynamic analysis and Windows API Calls. We discussed on our realtime behaviour monitor. The concept of n-gram was explained and before concluding, several challenges were highlighted.

Published
2019

29. Evaluation of Peer Robot Communications using CryptoROS

Author

Nor Samsiah Sani, Roham Amini, Afzan Adam, Abdul Hadi Abd Rahman, and Rossilawati Sulaiman

Subjects
0209 industrial biotechnology, General Computer Science, Computer science, business.industry, Passphrase, 02 engineering and technology, Computer security, computer.software_genre, Encryption, Public-key cryptography, Certificate signing request, 020901 industrial engineering & automation, Certificate authority, 0202 electrical engineering, electronic engineering, information engineering, Overhead (computing), 020201 artificial intelligence & image processing, business, computer
Abstract

The demand of cloud robotics makes data encryp-tion essential for peer robot communications. Certain types of data such as odometry, action controller and perception data need to be secured to prevent attacks. However, the introduction of data encryption caused increment of overhead for data stream communication. This paper presents an evaluation of CryptoROS architecture on Robot Operating System (ROS) which focused on peer-to-peer conversations between nodes with confidentiality and integrity violation. OpenSSL is used to create a private key and generate a Certificate Signing Request (CSR) that contains public key and a signature. The CSR is submitted to a Certificate Authority (CA) to chain the root CA certificate and encryption of RSA private key with AES-256 and a passphrase. The protected private key are securely backed up, transported, and stored. Experiments were carried out multiple times with and without the proposed protocol intervention to assess the performance impact of the Manager. The results for different number of messages transmitted each time increased from 100, 250 to 500 with performance impact 1.7%, 0.5% and 0.2%, respectively. It is concluded that CryptoROS capable of protecting messages and service requests from unauthorized intentional alteration with authenticity verification in all components.

Published
2019

30. A Two-stage Malware Detection Architecture Inspired by Human Immune System

Author

Rossilawati Sulaiman, Mohd Fadzli Marhusin, and Mohammed A. F. Salah

Subjects
021110 strategic, defence & security studies, business.industry, Computer science, Detector, Feature extraction, ComputingMethodologies_IMAGEPROCESSINGANDCOMPUTERVISION, 0211 other engineering and technologies, 02 engineering and technology, computer.file_format, computer.software_genre, Knowledge-based systems, Knowledge base, Embedded system, 0202 electrical engineering, electronic engineering, information engineering, Ransomware, Malware, 020201 artificial intelligence & image processing, Executable, Architecture, business, computer
Abstract

Malware sophistication is on the rise and continue being a serious threat against privacy, availability and integrity of information. This paper proposed an architecture which consist of two detectors. The first detector observes for malware in general. It will classify an executable if whether it is benign or malign and updates its Knowledge Base dynamically. The second detector is a specialised one, aiming to detect ransomware via its deep scan capability. This detector will be activated if the first detector senses the presence of ransomware pre-execution activities. The detector will decide whether a program is a ransomware or not and dynamically update its Knowledge Base dynamically.

Published
2018

31. Enhancement of Text Steganography Technique Using Lempel-Ziv-Welch Algorithm and Two-Letter Word Technique

Author

Rossilawati Sulaiman, Mohd Rosmadi Mokhtar, and Salwa Shakir Baawi

Subjects
Steganography, Cover (telecommunications), Computer science, 05 social sciences, 050301 education, Lempel–Ziv–Welch, Information security, Unicode, Symbol (chemistry), Information hiding, 0502 economics and business, 0503 education, Algorithm, 050203 business & management, Word (computer architecture)
Abstract

Text steganography is regarded as the most challenging type to hide secret data to a text file because it is not enough unnecessary information compared with other carrier files. This study aimed to deal with the capacity (how much data can be hidden in the cover carrier) and security (the inability of disclosing the data by an unauthorized party) issues of text steganography. Generally, the data hiding capacity of text steganography is limited, and imperceptibility is very poor. Therefore, a new scheme was suggested to improve the two-letter word technique by using the Lempel-Ziv-Welch algorithm. This scheme can hide 4 bits in each position of a two-letter word in the cover text by inserting a nonprinting Unicode symbol. Each two-letter word can have four different locations in the text. Some experiments were conducted on the proposed method (enhancement) and our previous method (two-letter word) to compare their performance applying twelve secret message samples in terms of capacity and Jaro-Winkler. On the other hand, the performance of our proposed method was compared with other related studies in terms of capacity. The results show that the proposed method not only had a high embedding capacity but also reduced the growing size ratio between the original cover and stego cover. In addition, the security of the proposed approach was improved through improving imperceptibility and by using stego-key.

Published
2018

32. Implementation of AES algorithm in QGIS software

Author

Hani Saeed Mohammed Ghaleb, Zarina Shukur, Rossilawati Sulaiman, and Hanis Salwan Mobidin

Subjects
021110 strategic, defence & security studies, Digital mapping, business.industry, Computer science, 0211 other engineering and technologies, Shapefile, Cryptography, 02 engineering and technology, computer.file_format, Encryption, Software, Information system, Data Protection Act 1998, business, computer, Algorithm, Digital watermarking
Abstract

Implementing cryptography on Q-Geographic Information System (QGIS) software is a crucial step to provide the software with an extra layer of protection on digital mapping against duplication from outsiders. With the growth of advancement in technology, copyright can be easily violated by irresponsible people to gain profit illegally. Therefore, this study implements Advance Encryption Standard (AES) algorithm into digital mapping in order to prevent duplication from happening. This is performed by encrypting the original map (called shapefile), and allowing the users to save only the additional information that they added on that particular file. Hence, if the users want to sell the duplication map with some additional information, they have to consult with the owner.

Published
2017

33. Information leakage preventive training

Author

Norhafizah Abu Bakar, Masnizah Mohd, and Rossilawati Sulaiman

Subjects
Password, business.industry, Computer science, Internet privacy, Information technology, Bursary, 02 engineering and technology, Security awareness, Phishing, Information science, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Confidentiality, business, Personally identifiable information
Abstract

Phishing is an attempt to obtain private/confidential information such as usernames, passwords, and financial details. It is often for malicious reasons by disguising as a trustworthy entity in an electronic communication such as email. The chances of obtaining confidential or personal information are higher when website medium combined with email medium in launching phishing attacks. Universiti Kebangsaan Malaysia (UKM) has experienced phishing emails attacks in 2016. Besides technology that focuses on email security, the safety awareness program that meant to provide education to the users especially UKM staffs needs to be enhanced to reduce the risk of thievery on personal data, university confidential information and research data. The simulation approach in a real environment can provide a true picture to the staffs about the serious impact of phishing attacks. The objectives of the simulation are to measure and to educate UKM staffs on the security awareness. We designed a spear phishing simulation procedure with collaboration between the Faculty of Information Science and Technology (FTSM), Information Technology Center, Bursary Department and Department of Registrar, UKM. The simulation was conducted from 11–13 January 2017 with 553 email addresses were identified from five different faculties. There were 209 respondents (38%) who have entered their official ids (captured) and password (not captured). The differences in the number of respondents between science and technology (S&T) faculties and non-S&T faculties indicated the security awareness is in the worrying level. A high percentage of responses among the management and professional group can also be classified as being in an alarming rate. This simulation is the first practice in UKM and it helps to increase awareness and provide education about cyber security.

Published
2017

34. A Framework for a Multi-Layered Security of an Automated Programming Code Assessment Tool

Author

Zul Hilmi Abdullah, Rossilawati Sulaiman, Shaharudin Ismail, Muhammad Firdaus Zul Kafli, and Mohd Fadzli Marhusin

Subjects
Source code, Computer Networks and Communications, business.industry, Computer science, media_common.quotation_subject, Learning environment, Information technology, Cryptography, Workload, Computer security, computer.software_genre, Artificial Intelligence, Quality (business), Software engineering, business, computer, Mobile device, Implementation, Software, media_common
Abstract

In a learning environment, a low student-lecturer ratio is considered a practical solution by many educational institutions. However, the number of students in information technology is increasing every year. This could lead to a significant increase in the workload of lecturers, who need to evaluate assignments, quizzes and projects. Hence, it is desirable that an automated assessment tool is used to lessen their workload. In the era where mobile devices are getting popularity, the high demand to execute suitable quality code is there and the cost is on the processing power of the CPU which has a direct implication on the power source or the battery used. With various implementations of cryptography algorithms available, many of them could satisfy different level of needs. In this research, we introduce the architecture for a multi-layered security of automated assessment of programming code. First, we review the existing research studies in the area. We describe the features of the tool, as part of a complex e-learning environment. We also discuss the implementation of security, to protect data transmission and storage used by the tool. Challenges the system might face and the potential solutions, are also described.

Published
2015

35. DESIGN AND IMPLEMENTATION OF THE TPM USER AUTHENTICATION MODEL

Author

Mohd Rosmadi Mokhtar, Rossilawati Sulaiman, Marwan Alshare, and Abdullah MohdZin

Subjects
Password, Authentication, Software_OPERATINGSYSTEMS, Computer Networks and Communications, business.industry, Computer science, Trusted Computing, Virtualization, computer.software_genre, Encryption, Computer security, Public-key cryptography, Identification (information), Artificial Intelligence, ComputerSystemsOrganization_SPECIAL-PURPOSEANDAPPLICATION-BASEDSYSTEMS, Trusted Platform Module, business, computer, Software
Abstract

The Trusted Computing Group (TCG) has introduced the Trusted Platform Module (TPM) as a solution to assure end users of their privacy and confidentiality. Although the TPM is designed to prevent software attacks, the TPM itself is vulnerable to physical attacks that could enable intruders to gain access to confidential data. In general, the TPM provides an ID and implements a password identification technique to prevent unauthorized users from gaining access to the TPM. The TPM user authentication is carried out by the TPM itself, which exposes the TPM to direct risk as highly skilled intruders can break the authentication line of defence and gain access to the TPM. The process of encrypting and decrypting information, especially when asymmetric algorithms are used, is viewed as a process that consumes time and resources, which decreases the speed of the computer. In order to solve the problems, a TPM User Authentication Model (TPM-UAM) that can provide the TPM with a higher level of security and resistance against physical attacks has been proposed as we proposed in our previous research paper (Alshar’e et al., 2014). The technique is based on biometric authentication to prove the identity of the users and to allow the process of authentication to happen at an independent platform using virtualization that will keep the TPM out of reach until a user is completely verified and approved. The TPM-UAM is able to provide a more satisfactory level of confidence for data and processes that can be rated as highly confidential and private. The model was successfully developed and tested and the results confirmed the model efficiency and ability to secure TPM and all functions have been confirmed to be working perfectly according to what they were designed for. This paper describes the design and implementation of TPM-UAM system based on the proposed authentication model, virtualization has been implemented to create authentication platform to prevent direct interaction with TPM and biometrics has been implemented to verify identities and supervise running TPM, the system testing results in confirming the system functionality and ability to secure and protect TPM.

Published
2014

36. A USER PROTECTION MODEL FOR THE TRUSTED COMPUTING ENVIRONMENT

Author

Rossilawati Sulaiman, Mohd Rosmadi Mukhtar, Abdullah Mohd Zin, and Marwan Alshare

Subjects
Password, Authentication, Software_OPERATINGSYSTEMS, Computer Networks and Communications, Computer science, Information security, Trusted Computing, Computer security, computer.software_genre, Virtualization, Identification (information), Artificial Intelligence, ComputerSystemsOrganization_SPECIAL-PURPOSEANDAPPLICATION-BASEDSYSTEMS, Trusted Platform Module, computer, Software, Booting
Abstract

Information security presents a huge challenge for both individuals and organizations. The Trusted Computing Group (TCG) has introduced the Trusted Platform Module (TPM) as a solution to end-users to ensure their privacy and confidentiality. TPM has the role of being the root of trust for systems and users by providing protected storage that is accessible only within TPM and thus, protects computers against unwanted access. TPM is designed to prevent software attacks with minimal consideration being given toward physical attacks. Therefore, TPM focus on PIN password identification to control the physical presence of a user. The PIN Password method is not the ideal user verification method. Evil Maid is one of the attacking methods where a piece of code can be loaded and hidden in the boot loader before loading TPM. The code will then collects confidential information at the next boot and store it or send it to attackers via the network. In order to solve this problem, a number of solutions have been proposed. However, most of these solutions does not provide sufficient level of protection to TPM. In this study we introduce the TPM User Authentication Model (TPM-UAM) that could assist in protecting TPM against physical attack and thus increase the security of the computer system. The proposed model has been evaluated through a focus group discussion consisting of a number of experts. The expert panel has confirmed that the proposed model is sufficient to provide expected level of protection to the TPM and to assist in preventing physical attack against TPM.

Published
2014

37. Secure Architecture for m-Health Communications Using Multi-agent Approach

Author

Rossilawati Sulaiman and Mohd Fadhli Abdul Jalil

Subjects
General Computer Science, business.industry, Computer science, Multi-agent system, General Engineering, Enterprise information security architecture, Computer security, computer.software_genre, Information sensitivity, The Internet, Communication source, Architecture, business, Mobile device, computer, mHealth
Abstract

In this study we propose a security architecture for mobile Health (mHealth) communications. mHealth is a term used for medical-related services or communication, delivered using mobile devices such as mobile phones, tablet computers and PDAs. Communication in the health-related field often involve sensitive information (e.g., an email about a patient's illness is sent between doctors), which is transmitted over the Internet. However, although the Internet greatly facilitates the communication, it is undeniable that the threats to the Internet are becoming more prevalent. A multi-agent security architecture is presented in this study to provide a secure environment for mHealth communication. Agents are skilled in order to handle the communication processes at both sender's and recipient's side. This includes the security processes, which make use of cryptography protocols to secure data at both sides.

Published
2014

38. Enhancing Security in E-Health Communications using Multi-Agent System

Author

Rossilawati Sulaiman, Dat Tran, Wanli Ma, and Dharmendra Sharma

Subjects
Cloud computing security, Computer Networks and Communications, business.industry, Computer science, Multi-agent system, Covert channel, Computer security model, Encryption, Computer security, computer.software_genre, Security information and event management, Security service, Artificial Intelligence, business, computer, Software, Computer network
Abstract

Problem statement: In this study, we address the security needs in on line communications, specifically in the e-health domain. We focus on ho w to provide different security strengths to differ ent types of communications in e-health, where each communication transmits different types of information with different levels of sensitivity. Approach: The Multi-Agent System (MAS) approach is used to develop an agent-based system that can cater for di stributed processes. We use the agents' characteris tics such as autonomous , interactive , extendible and mobile to handle the security processes for users in different environments and devices. We integrate di fferent types of encryption algorithms with differe nt security strengths in order to provide different se curity needs. Results: We present our security model called MAgSeM that consists of eight agents, which are skilled to complete its goal as well as the ove rall system goals autonomously. Conclusion: We conclude that MAgSeM security model is suitable not only for the e-health domain, but also other domains tha t practices online communications.

Published
2012

39. A New Security Model using Multilayer Approach for E-Health Services

Author

Dharmendra Sharma, Rossilawati Sulaiman, Dat Tran, and Wanli Ma

Subjects
Computer Networks and Communications, Computer science, Covert channel, computer.software_genre, Computer security, Asset (computer security), Security information and event management, Logical security, Security testing, Information security audit, Security association, Information security management, Artificial Intelligence, Cloud computing security, business.industry, Information security, Computer security model, Classified information, Information sensitivity, Security service, Human-computer interaction in information security, Security through obscurity, Malware, The Internet, business, computer, Software, Computer network
Abstract

Problem statement: Delivering services online is important in e-health. Services that are delivered through online communications between engaging parties, often involve sensitive information transmitted over the Internet. However, while the Internet successfully facilitates these services, significant threats also come in parallel. Network attacks, information breaches and malicious software on a computer system are common threats to the Internet. These threats can cause severe damage to computer systems and also the information. As we study current security technologies particularly that provide security to online communications, we found out that these technologies do not cater for different kinds of security needs because of the rigid way the security mechanisms are constructed. Therefore, we are interested in developing a security model that facilitates these needs, specifically in e-health. Approach: First, the area where different security requirements are needed are explored, such as the information classification found in ISO17799. This classification is based on the sensitivity levels of the information, where the more sensitive information requires higher security measures compared to the less sensitive information. Then, the information classification is applied to the e-health environment, so that our security model can handle the security processes for each classification. Results: The multilayer communication approach or MLC is the proposed security model. MLC classifies communications in e-health into five categories: Layer 1 to Layer 5 representing extremely sensitive, highly sensitive, medium sensitive, low sensitive and no sensitive data. This classification refers to the different sensitivity of the information exchanged during communications. For example, Extremely Sensitive communication involves exchanging extremely sensitive information, which requires highest security mechanisms, while Low Sensitive communication requires lower security mechanism. Conclusion: MLC provides five different types of security needs, where users can flexibly choose their own security preferences for their online communications, which the current technologies are lacking.

Published
2011

40. Protection of XML-Based Denail-of-Service and Httpflooding Attacks in Web Services Using the Middleware Tool

Author

Abbas Alasri and Rossilawati Sulaiman

Subjects
Service (business), Environmental Engineering, Computer science, computer.internet_protocol, SOAP, General Chemical Engineering, General Engineering, 020206 networking & telecommunications, Denial-of-service attack, 02 engineering and technology, computer.software_genre, World Wide Web, Hardware and Architecture, Middleware (distributed applications), 0202 electrical engineering, electronic engineering, information engineering, Computer Science (miscellaneous), 020201 artificial intelligence & image processing, Web service, computer, XML, Biotechnology
Abstract

A web service is defined as the method of communication between the web applications and the clients. Web services are very flexible and scalable as they are independent of both the hardware and software infrastructure. The lack of security protection offered by web services creates a gap which attackers can make use of. Web services are offered on the HyperText Transfer Protocol (HTTP) with Simple Object Access Protocol (SOAP) as the underlying infrastructure. Web services rely heavily on the Extended Mark-up Language (XML). Hence, web services are most vulnerable to attacks which use XML as the attack parameter. Recently, a new type of XML-based Denial-of-Service (XDoS) attacks has surfaced, which targets the web services. The purpose of these attacks is to consume the system resources by sending SOAP requests that contain malicious XML content. Unfortunately, these malicious requests go undetected underneath the network or transportation layers of the Transfer Control Protocol/Internet Protocol (TCP/IP), as they appear to be legitimate packets.In this paper, a middleware tool is proposed to provide real time detection and prevention of XDoS and HTTP flooding attacks in web service. This tool focuses on the attacks on the two layers of the Open System Interconnection (OSI) model, which are to detect and prevent XDoS attacks on the application layer and prevent flooding attacks at the Network layer.The rule-based approach is used to classify requests either as normal or malicious,in order to detect the XDoS attacks. The experimental results from the middleware tool have demonstrated that the rule-based technique has efficiently detected and prevented theattacks of XDoS and HTTP flooding attacks such as the oversized payload, coercive parsing and XML external entities close to real-time such as 0.006s over the web services. The middleware tool provides close to 100% service availability to normal request, hence protecting the web service against the attacks of XDoS and distributed XDoS (DXDoS).\

Published
2018

41. Following the Wi-Fi breadcrumbs: Network based mobile application privacy threats

Author

Rossilawati Sulaiman and Michael Kennedy

Subjects
User information, Computer science, business.industry, Wireless network, Internet privacy, Service provider, Cryptographic protocol, Certificate, Computer security, computer.software_genre, Wireless, Android (operating system), business, Personally identifiable information, computer
Abstract

Users are concerned about the protection of personal information they share with mobile applications. Researchers have previously explored security threats to mobile applications through wireless network access, including the disclosure of personal information through unencrypted traffic, excessive information disclosure to service providers, and flaws in TLS security. This study replicates these security threats and performs an assessment of the potential privacy impact for a sample of 30 Android applications. The results show that disclosure of personal information through unencrypted traffic is a significant risk. Individual applications were found which disclosed a user's identity and application usage, and persistent device identifiers were leaked allowing user information to be linked across applications and wireless sessions. A small number of applications disclosed inappropriate amounts of personal information to service providers which could allow user tracking. TLS issues continue to pose a risk, with one application exhibiting a previously identified TLS certificate validation issue, and a potentially new encryption protocol downgrade flaw was identified triggered by an invalid certificate. Insecure authentication techniques were used by 30% of applications tested and pose a privacy risk even when applications use TLS.

Published
2015

42. E-health Services with Secure Mobile Agent

Author

Dharmendra Sharma, Xu Huang, and Rossilawati Sulaiman

Subjects
business.industry, Computer science, Data security, Cryptography, Cryptographic protocol, Encryption, Computer security, computer.software_genre, Digital signature, Key (cryptography), Mobile agent, Communication source, business, computer, Computer network
Abstract

This paper established a new security mechanism for online communications using mobile agents. E-health has been widely used as a communication system and information changes to deliver health services to the users through the Internet. However, the Internet imposes threats that will risk the information in transit. Therefore it is important to ensure that the communication is safe and the user’s privacy is protected. This paper extends our previous research results, Multilayer Communication (MLC) approach [1], and introduced mobile agents to MLC in e-health. The cryptographic protocols such as encryption/decryption, digital signature, and hash code are used as protection mechanisms. We focus on how Sender can securely transfer sensitive information to Recipient while still maintaining control over it. Sender keeps the key for decryption at his/her side until the agent needs it. A token is carried by the agent, which is used as a mean to call home platform to obtain the key for decryption processes. The significant of this new mechanism is that it gives Sender control over the transmitted data. Recipient can also avoid burden with the encryption details as long as he/she knows that the message is indeed comes from Recipient.

Published
2009

43. A Multi-agent Security Architecture

Author

Wanli Ma, Dharmendra Sharma, Rossilawati Sulaiman, and Dat Tran

Subjects
business.industry, Computer science, Cryptography, Code Access Security, Plaintext, Enterprise information security architecture, Computer security, computer.software_genre, Encryption, Digital signature, Mobile agent, Message authentication code, business, computer, Computer network
Abstract

This paper presents a multi-agent security architecture, which utilizes the agent characteristics to cater for security processes in online communications. The Multilayer Communication approach (MLC) [1] is used to determine the security processes, which uses cryptography protocols to secure data and communication channel. Agents are skilled to perform certain tasks. At the Sender’s host, agents interact with each other to secure a message to be sent to the Recipient, including encryption, digital signature, and hash code. A mobile agent is used to carry the encrypted messages as well as the agent’s code to the Recipient’s host. Our approach also provides mechanisms to verify the authenticity, confidentiality and the integrity of the code and data that arrived at the Recipient’s host. The message and the code are authenticated, the code is executed to perform tasks to recover the plaintext.

Published
2009

44. A Multi-agent Security Framework for e-Health Services

Author

Dharmendra Sharma, Wanli Ma, Rossilawati Sulaiman, and Dat Tran

Subjects
Computer science, Standard of Good Practice, Internet privacy, Communications security, Asset (computer security), Internet security, Computer security, computer.software_genre, Security testing, Security information and event management, Security engineering, Security association, Information security management, Cloud computing security, business.industry, Information security, Computer security model, Security service, Information and Communications Technology, Human-computer interaction in information security, Security through obscurity, Security convergence, Network security policy, The Internet, business, computer
Abstract

Nowadays, information and communication technologies are widely used in e-health to deliver services. The most popular communication choice is the Internet, as it offers cheap and worldwide coverage. However, as the technologies grow, the threats also grow in parallel. The threats put the patient's privacy at risk. Therefore, it is important to make sure that security technologies can cater for the privacy and security needs, whenever communications occur through the Internet. This paper presents a multi-agent based security framework for e-health services. The actors and the type of communications are described and a multi-level communications for the users is introduced. The security requirements and the multi-agent based security approach are modeled and presented in the framework.

Published
2007

45. Security Architecture for Mobile Agent-based Shari’ah Compliant e-Auction Marketplace

Author

Rossilawati Sulaiman, Norleyza Jailani, and Nor Aimuni Md Rashid

Subjects
bid shielding, e-auction, TheoryofComputation_GENERAL, Enterprise information security architecture, security, Bidding, Computer security, computer.software_genre, Variety (cybernetics), Ebidding, Order (exchange), Software agent, mobile agent, shill bidding, General Earth and Planetary Sciences, Mobile agent, Business, Database transaction, computer, General Environmental Science
Abstract

Nowadays, auction marketplace are conducted online and executed via electronic channels. Taking one step further, online auction e-marketplace adopted software agent technology in the bidding process. A mobile agent-based e-auction marketplace must fit the concept of halal trade and following Shari’ah law in order to fulfill muslim community needs and must offer secure and trustworthy trading environment. Nevertheless, mobile agent raises issues concerning the protection of platform/host and malicious attacks from a variety of intervening that might alter the information its carries. This paper investigate the requirement of trusted and secure online auction in line with Shari’ah transaction rules using the mobile agent technology by proposing a security architecture for mobile-agent based e-auction marketplace. This paper also investigates possible online auction frauds that can affect bidding process and focused on bid shielding and shill bidding. At the end of this the paper, security architecture for mobile agent-based e-auction marketplace in Shari’ah compliant environment is presented.

Full Text
View/download PDF

46. Systematic Literature Review on Data Carving in Digital Forensic

Author

Rossilawati Sulaiman, Nadeem Alherbawi, and Zarina Shukur

Subjects
Focus (computing), Information retrieval, Carving, Computer science, business.industry, Digital forensics, Carving Validation, Object (computer science), computer.software_genre, Field (computer science), Data resources, Digital Forensics, Systematic review, Computer data storage, General Earth and Planetary Sciences, Data Carving, Data mining, business, computer, General Environmental Science
Abstract

Data carving is a very important topic in digital investigation and computer forensic. Researches are needed to focus on improving data carving techniques to enable digital investigators to retrieve important data and evidences from damaged or corrupted data resources. This paper is the result of a systematic literature review which answer three main questions in data carving filed. The Results fall into four main directions. First it shows the need of realistic data sets for tools testing. Secondly, it points to the need of object validation under fragmented data storage. Thirdly, investigating content based validation and its benefits in digital investigation field. Finally, it points to a new direction for using semantic validation to reduce false positive rates.

Full Text
View/download PDF

47. Students’ Perception of Mobile Augmented Reality Applications in Learning Computer Organization

Author

Hazura Mohammed, Nazatul Aini Abd Majid, and Rossilawati Sulaiman

Subjects
Multimedia, Computer science, media_common.quotation_subject, Learning object, mobile augmented reality, computer science, Computer-mediated reality, computer.software_genre, Perception, teaching and learning, General Materials Science, Augmented reality, ADDIE Model, Mobile device, computer, media_common
Abstract

Augmented reality is a human-machine interaction tool that presents information generated by computer on the real world using a camera. Augmented reality technology has the potential to draw students’ attention to visualize a layer of information on real objects using handheld devices such as tablets and smartphones. The objective of this study was to assess students’ perception of the use of augmented reality in learning microprocessor. Therefore, a mobile application was designed and developed by integrating elements of augmented reality for teaching and learning this topic. This study was conducted based on the ADDIE model that consists of five phases: Analysis, Design, Development, Implementation and Evaluation. The study found that students’ perception of the use of augmented reality is positive based on the average mean score. However, the disadvantage of this application is the use of images as compared to the use of real microprocessor as the learning object. An area for future study is to assess the students’ perception of the use of real objects as the learning object in using mobile augmented reality application.

Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results