Author

Amjad Alsirhani

Bio: Amjad Alsirhani is an academic researcher from Dalhousie University. The author has contributed to research in topics: Computer science & Artificial intelligence. The author has an h-index of 4, co-authored 6 publications receiving 76 citations.

Papers
Journal ArticleDOI
TL;DR: A dynamic DDoS attack detection system based on three main components: classification algorithms; a distributed system; and a fuzzy logic system that uses fuzzy logic to dynamically select an algorithm from a set of prepared classification algorithms that detect different DDoS patterns.
Abstract: Distributed denial of service (DDoS) attacks are a major security threat against the availability of conventional or cloud computing resources. Numerous DDoS attacks, which have been launched against various organizations in the last decade, have had a direct impact on both vendors and users. Many researchers have attempted to tackle the security threat of DDoS attacks by combining classification algorithms with distributed computing. However, their solutions are static in terms of the classification algorithms used. In fact, current DDoS attacks have become so dynamic and sophisticated that they are able to pass the detection system thereby making it difficult for static solutions to detect. In this paper, we propose a dynamic DDoS attack detection system based on three main components: 1) classification algorithms; 2) a distributed system; and 3) a fuzzy logic system. Our framework uses fuzzy logic to dynamically select an algorithm from a set of prepared classification algorithms that detect different DDoS patterns. Out of the many candidate classification algorithms, we use Naive Bayes, Decision Tree (Entropy), Decision Tree (Gini), and Random Forest as candidate algorithms. We have evaluated the performance of classification algorithms and their delays and validated the fuzzy logic system. We have also evaluated the effectiveness of the distributed system and its impact on the classification algorithms delay. The results show that there is a trade-off between the utilized classification algorithms’ accuracies and their delays. We observe that the fuzzy logic system can effectively select the right classification algorithm based on the traffic status.

62 citations

Proceedings ArticleDOI
01 Sep 2017
TL;DR: This work proposes a combination of encryption algorithms and a distribution system to improve database confidentiality, and demonstrates that this scheme offers a highly secure approach that provides users with data confidentiality and provides acceptable overhead performance.
Abstract: Cloud computing is a technology that facilitates numerous configurable resources in which the data is stored and managed in a decentralized manner. However, since the data is out of the owner's control, concerns have arisen regarding data confidentiality. Encryption techniques have previously been proposed to provide users with confidentiality in terms of outsource storage; however, many of these encryption algorithms are weak, enabling data security to be breached simply by compromising an algorithm. We propose a combination of encryption algorithms and a distribution system to improve database confidentiality. This scheme distributes the database across the clouds based on the level of security that is provided by the encryption algorithms utilized. We analyzed our scheme by designing and conducting experiments and by comparing our scheme with existing solutions. The results demonstrate that our scheme offers a highly secure approach that provides users with data confidentiality and provides acceptable overhead performance.

27 citations

Proceedings ArticleDOI
01 Feb 2018
TL;DR: This research proposes a DDoS detection system that benefits from cloud computing resources and consists of three concepts: classification algorithms, parallelism computing, and a fuzzy logic system.
Abstract: Cloud computing is a model of configurable computing resources such as servers, networks, storage, applications, and services that are available from anywhere at any time. In addition, cloud computing is managed by experts from different computer science fields to provide high reliability, availability, mobility, security, and scalability. Of course, security against all forms of attack, including DDoS attacks, must be provided. Numerous DDoS attacks have been launched against different organizations in the last decade, and numerous approaches have been proposed and tried to detect and prevent DDoS attacks by utilizing classification algorithms. In this research, we propose a DDoS detection system that benefits from cloud computing resources. Our proposed system consists of three concepts: classification algorithms, parallelism computing, and a fuzzy logic system. Classification algorithms are used in our system to classify and predict DDoS attacks on traffic packets. The parallelism concept is used to efficiently accelerate the execution of the utilized classification algorithms. The fuzzy logic is used to choose which of the classification algorithms is to be used next. We evaluated the classification algorithm and the parallel processing of the DDoS detection by configuring a test-bed that consists of one master and three slaves. We validated the fuzzy logic system by using the MATLAB statistical tool.

27 citations

Proceedings ArticleDOI
13 May 2018
TL;DR: A DDoS detection framework that mainly consists of Gradient Boosting classification algorithm (GBT) and the Apache Processing Engine Spark and the integration of the GBT algorithm with Apache Spark works excellently to detect DDoS attack.
Abstract: Distributed Denial of Service (DDoS) is one of the major threats to the Internet security. Various DDoS attacks have been reported against many organizations in recent years. There have been numerous studies investigating the effects of utilizing classification algorithms to detect and prevent DDoS attacks. However, the existing research has many obstacles including the achievement of practical performance rates of the detection system, the delay of detection, as well as the ability to deal with the large dataset. In this research, we propose a DDoS detection framework that mainly consists of Gradient Boosting classification algorithm (GBT) and the Apache Processing Engine Spark. Experimental results conducted in a Spark and Hadoop cluster, for evaluating the proposed framework regarding the performances as well as the delays using a real DDoS Dataset, show that the integration of the GBT algorithm with Apache Spark works excellently to detect DDoS attack. The volume of the dataset and the features space, as well as the depth of decision trees and number of iterations parameters, have a direct impact on the GBT algorithm performance rates and the delays.

14 citations

Journal ArticleDOI
01 Sep 2022 - Sensors
TL;DR: An explainable malware detection system was proposed using transfer learning and malware visual features for effective malware detection and an interpretable artificial intelligence (AI) experiment was conducted.
Abstract: Android has become the leading mobile ecosystem because of its accessibility and adaptability. It has also become the primary target of widespread malicious apps. This situation needs the immediate implementation of an effective malware detection system. In this study, an explainable malware detection system was proposed using transfer learning and malware visual features. For effective malware detection, our technique leverages both textual and visual features. First, a pre-trained model called the Bidirectional Encoder Representations from Transformers (BERT) model was designed to extract the trained textual features. Second, the malware-to-image conversion algorithm was proposed to transform the network byte streams into a visual representation. In addition, the FAST (Features from Accelerated Segment Test) extractor and BRIEF (Binary Robust Independent Elementary Features) descriptor were used to efficiently extract and mark important features. Third, the trained and texture features were combined and balanced using the Synthetic Minority Over-Sampling (SMOTE) method; then, the CNN network was used to mine the deep features. The balanced features were then input into the ensemble model for efficient malware classification and detection. The proposed method was analyzed extensively using two public datasets, CICMalDroid 2020 and CIC-InvesAndMal2019. To explain and validate the proposed methodology, an interpretable artificial intelligence (AI) experiment was conducted.

9 citations

Cited by
Journal ArticleDOI
TL;DR: A novel multi-stage optimized ML-based NIDS framework that reduces computational complexity while maintaining its detection performance and hyper-parameter optimization techniques are investigated to enhance the NIDS’s performance.
Abstract: Cyber-security has garnered significant attention due to the increased dependency of individuals and organizations on the Internet and their concern about the security and privacy of their online activities. Several previous machine learning (ML)-based network intrusion detection systems (NIDSs) have been developed to protect against malicious online behavior. This paper proposes a novel multi-stage optimized ML-based NIDS framework that reduces computational complexity while maintaining its detection performance. This work studies the impact of oversampling techniques on the models’ training sample size and determines the minimal suitable training sample size. Furthermore, it compares two feature selection techniques, information gain and correlation-based, and explores their effect on detection performance and time complexity. Moreover, different ML hyper-parameter optimization techniques are investigated to enhance the NIDS’s performance. The performance of the proposed framework is evaluated using two recent intrusion detection datasets, the CICIDS 2017 and the UNSW-NB 2015 datasets. Experimental results show that the proposed model significantly reduces the required training sample size (up to 74%) and feature set size (up to 50%). Moreover, the model performance is enhanced with hyper-parameter optimization with detection accuracies over 99% for both datasets, outperforming recent literature works by 1-2% higher accuracy and 1-2% lower false alarm rate.

81 citations

Journal ArticleDOI
TL;DR: A distributed DDoS network intrusion detection system based on big data technology that uses Spark to speed up data processing and HDFS to store massive suspicious attacks.
Abstract: Security assurance in Vehicular Ad hoc Networks (VANETs) is a crucial and challenging task due to the open-access medium. One great threat to VANETs is the Distributed Denial-of-Service (DDoS) attack, because the target of this attack is to prevent authorized nodes from accessing the services. To provide high availability of VANETs, a scalable, reliable and robust network intrusion detection system should be developed to efficiently mitigate DDoS. However, big data from VANETs poses serious challenges to DDoS attack detection, since the detection system requires scalable methods to capture, store and process the big data. To overcome these challenges, this paper proposes a distributed DDoS network intrusion detection system based on big data technology. The proposed detection system consists of two main components: a real-time network traffic collection module and a network traffic detection module. To build our proposed system, we use Spark to speed up data processing and use HDFS to store massive suspicious attacks. In the network collection module, a micro-batch data processing model is used to improve the real-time performance of traffic feature collection. In the traffic detection module, the classification algorithm based on Random Forest (RF) is adopted. In order to evaluate the accuracy of detection, the algorithm was evaluated and compared on two datasets, NSL-KDD and UNSW-NB15. The experimental results show that the proposed detection algorithm reached accuracy rates of 99.95% and 98.75%, and false alarm rates (FAR) of 0.05% and 1.08%, respectively, on the two datasets.

65 citations

Journal ArticleDOI
Abstract: Cyber-security has garnered significant attention due to the increased dependency of individuals and organizations on the Internet and their concern about the security and privacy of their online activities. Several previous machine learning (ML)-based network intrusion detection systems (NIDSs) have been developed to protect against malicious online behavior. This paper proposes a novel multi-stage optimized ML-based NIDS framework that reduces computational complexity while maintaining its detection performance. This work studies the impact of oversampling techniques on the models' training sample size and determines the minimal suitable training sample size. Furthermore, it compares two feature selection techniques, information gain and correlation-based, and explores their effect on detection performance and time complexity. Moreover, different ML hyper-parameter optimization techniques are investigated to enhance the NIDS's performance. The performance of the proposed framework is evaluated using two recent intrusion detection datasets, the CICIDS 2017 and the UNSW-NB 2015 datasets. Experimental results show that the proposed model significantly reduces the required training sample size (up to 74%) and feature set size (up to 50%). Moreover, the model performance is enhanced with hyper-parameter optimization with detection accuracies over 99% for both datasets, outperforming recent literature works by 1-2% higher accuracy and 1-2% lower false alarm rate.

58 citations

Journal ArticleDOI
TL;DR: A distributed denial of service (DDoS) attack represents a major threat to service providers; it aims to disrupt and deny services to legitimate users by overwhelming the target with a massive number of malicious requests.
Abstract: A distributed denial of service (DDoS) attack represents a major threat to service providers. More specifically, a DDoS attack aims to disrupt and deny services to legitimate users by overwhelming the target with a massive number of malicious requests. A cyberattack of this kind is likely to result in tremendous economic losses for businesses and service providers due to increasing both operating and financial costs. In recent years, machine learning (ML) techniques have been widely used to prevent DDoS attacks. Indeed, many defense systems have been transformed into smart and intelligent systems through the use of ML techniques, which allow them to defeat DDoS attacks. This paper analyzes recent studies concerning DDoS detection methods that have adapted single and hybrid ML approaches in modern networking environments. Additionally, the paper discusses different DDoS defense systems based on ML techniques that make use of a virtualized environment, including cloud computing, software-defined network, and network functions virtualization environments. As the development of the Internet of Things (IoT) has been the subject of significant research attention in recent years, the paper also discusses ML approaches as security solutions against DDoS attacks in IoT environments. Furthermore, the paper recommends a number of directions for future research. This paper is intended to assist the research community with the design and development of effective defense systems capable of overcoming different types of DDoS attacks.

56 citations