
Showing papers by "Muddassar Farooq" published in 2011


Journal Article•DOI•
TL;DR: An extensive survey of protocols developed according to the principles of swarm intelligence, taking inspiration from the foraging behaviors of ant and bee colonies, and introduces a novel taxonomy for routing protocols in wireless sensor networks.

370 citations


Proceedings Article•DOI•
12 Jul 2011
TL;DR: Results of the experiments show that sUpervised Classifier System (UCS), by operating on the above-mentioned features' set, achieves more than 89% detection rate and 0% false alarm rate.
Abstract: In recent years, we have witnessed the dramatic increase in the volume of mobile SMS (Short Messaging Service) spam. The reason is that operators - owing to fierce market competition - have introduced packages that allow their customers to send unlimited SMS in less than $1 a month. It not only degrades the service of cellular operators but also compromises security and privacy of users. In this paper, we analyze SMS spam to identify novel features that distinguish it from benign SMS (ham). The novelty of our approach is that we intercept the SMS at the access layer of a mobile phone - in hexadecimal format - and extract two features: (1) octet bigrams, and (2) frequency distribution of octets. Later, we provide these features to a number of evolutionary and non-evolutionary classifiers to identify the best classifier for our mobile spam filtering system. We evaluate the detection rate and false alarm rate of our system - using different classifiers - on a real world dataset. The results of our experiments show that sUpervised Classifier System (UCS), by operating on the above-mentioned features' set, achieves more than 89% detection rate and 0% false alarm rate.

25 citations


Journal Article•DOI•
01 May 2011
TL;DR: This paper first shows that the reliability function of such a multipath system is concave with respect to the total number of paths, and proves that a partially-disjoint path is more reliable than a node-disjoint path.
Abstract: In this paper, we analyze the packet delivery reliability of ad hoc routing protocols for loss-and-delay sensitive applications. A typical flooding-based route discovery used in ad hoc routing protocols - DSR for instance - can only discover node-disjoint paths. In this context, we first show that the reliability function of such a multipath system is concave with respect to the total number of paths. Therefore, maximum steady-state reliability may be attained by routing each packet through a small set of node-disjoint paths. Subsequently, we prove that a partially-disjoint path is more reliable than a node-disjoint path. Hence, high reliability and significant energy savings may be achieved by routing a packet through fewer partially-disjoint paths. Based on these findings, we suggest modifications to flooding-based route discovery procedure to discover partially-disjoint paths. We complement our theoretical outcomes through extensive simulations. Finally, we analyze the reliability of beacon-based routing protocols and derive an upper bound on the number of hops at which a beacon should be placed to satisfy a given packet reliability constraint.

24 citations


Proceedings Article•DOI•
05 Jun 2011
TL;DR: A novel framework is presented, and it is shown that classifying a process as malicious or benign -- using the information in kernel structures of a process -- is not only very accurate but also has very low processing overheads; as a result, this lightweight framework can be incorporated within the operating system kernel.
Abstract: In this paper, we present a novel framework -- it uses the information in kernel structures of a process -- to do run-time analysis of the behavior of an executing program. Our analysis shows that classifying a process as malicious or benign -- using the information in kernel structures of a process -- is not only very accurate but also has very low processing overheads; as a result, this lightweight framework can be incorporated within the operating system kernel. To provide a proof-of-concept of our thesis, we design and implement our system as a kernel module in Linux. We perform the time series analysis of 118 parameters of Linux task structures and pre-process them to come up with a minimal features' set of 11 features. Our analysis shows that these features have remarkably different values for benign and malicious processes; as a result, a number of classifiers operating on these features provide 93% detection accuracy with 0% false alarm rate within 100 milliseconds. Last but not the least, we justify that it is very difficult for a crafty attacker to evade these low-level system specific features.

23 citations


Proceedings Article•DOI•
04 Jan 2011
TL;DR: An intelligent health tool - Obstetrics and Gynaecology (OG) OG-Miner - that presents a novel combination of data mining techniques for accurate and effective classification of high risk pregnant women and is used as an integral component of a health value chain in an m-health project to autonomously filter a significant number of low risk patients in rural areas.
Abstract: The latest statistics of WHO show that approximately 500,000 women die worldwide every year - the majority of them residing in developing countries - due to pregnancy related complications. The situation is so grave that UN has set a target of reducing Maternal Mortality Rate (MMR) by 75% till the year 2015 in its millennium development goals (MDGs). Therefore, the current focus of health care researchers is to advocate the use of e-health technology in developing countries that have the capability: (1) to remotely monitor patients in their homes by semiskilled health professionals, and (2) to use data mining techniques to raise alarms about high risk patients. In this paper, we develop an intelligent health tool - Obstetrics and Gynaecology (OG) OG-Miner - that presents a novel combination of data mining techniques for accurate and effective classification of high risk pregnant women. The scheme classifies four major risk factors of mortality - hypertension, hemorrhage, septicemia and obstructed labor - in a reliable, autonomous and accurate fashion. We have collected a real world data of more than 1200 patients from tertiary care hospitals and rural areas. Our tool achieves more than 98% accuracy on the collected OG dataset. Moreover, our evaluations of OG-Miner on eight other medical datasets show that its learning paradigm can be generalized to other domains as well. Last but not least, we are using OG-Miner as an integral component of a health value chain in our m-health project to autonomously filter a significant number of low risk patients in rural areas; as a result, only high risk patients are referred to specialized obstetrician in tertiary care hospitals. As a consequence, the reduced workload enables them to provide quality care to the patients.

17 citations


Journal Article•DOI•
01 Dec 2011
TL;DR: A hybrid AIS model - combining the relevant features of classical self/non-self paradigm with the emerging danger theory paradigm - is presented that has the capability to meet the above-mentioned challenges of the MANET environment.
Abstract: Securing ad hoc routing protocols for MANETs is a significant challenge due to a number of reasons: (1) mobility results in continuously changing network topology - the premise of stable self or non-self is void, (2) the proposed security solution must be lightweight so that it can be deployed on resource constrained mobile nodes, and (3) the solution should provide high detection accuracy and low false positive rate. The major contribution of this paper is a hybrid AIS model - combining the relevant features of classical self/non-self paradigm with the emerging danger theory paradigm - that has the capability to meet the above-mentioned challenges of the MANET environment. As a case study, we use our hybrid model to develop a power aware security framework for BeeAdHoc - a well-known bio-inspired routing protocol. We have realized our framework in ns-2 simulator. We have also developed an attacker framework in ns-2 that has the capability to launch a number of Byzantine attacks on BeeAdHoc. The results of our experiments show that our proposed framework meets all its requirements: (1) the adaptive learning because of changing self/non-self, (2) high detection accuracy and low false positive rate, (3) lightweight in terms of processing and communication overheads, and (4) better or comparable performance compared with non-secure versions of existing state-of-the-art MANET routing protocols - DSR and AODV. We have also compared our hybrid AIS model with self/non-self, danger theory and a conventional anomaly detection system to show its merits over these schemes. Finally, we propose an extension of the framework for securing DSR.

14 citations


Proceedings Article•DOI•
26 Jul 2011
TL;DR: The suitability of evolutionary algorithms to discriminate a normal ECG from an abnormal one with minimum user intervention is investigated and shows that the system is able to achieve more than 98% accuracy in detecting most types of Arrhythmia.
Abstract: The electrocardiogram (ECG) is the most clinically accepted diagnostic tool used by physicians for interpreting the functional activity of the heart. The existing ECG machines require an expert-in-the-loop for identifying abnormalities in cardiac activity - commonly referred to as Arrhythmia - of a patient. The accuracy of diagnosis is directly dependent on the skill set of the physician; as a result, in rural and remote places, where no ECG specialist wants to relocate, the patients are unable to get any help in case of life threatening arrhythmias. In this paper, we investigate the suitability of evolutionary algorithms to discriminate a normal ECG from an abnormal one with minimum user intervention. Consequently, the human dependent errors are minimized. The intelligent framework is efficient and can be used for realtime ECG analysis to complement the diagnostic efficiency and accuracy of ECG specialists. Moreover, the system could also be used to raise early alarms for patients where no ECG specialist is available. In this paper, we aim at autonomously detecting six types of Arrhythmia: (1) Tachycardia, (2) Bradycardia, (3) Right Bundle Branch Block, (4) Left Bundle Branch Block, (5) Old Inferior Myocardial Infarction, and (6) Old Anterior Myocardial Infarction. We evaluate the accuracy of our system by selecting the best back end classifier from a set of 8 evolutionary classifiers. The results of our experiments show that our system is able to achieve more than 98% accuracy in detecting most types of Arrhythmia.

9 citations


Book Chapter•DOI•
28 Jun 2011
TL;DR: In this paper, the authors present zero-day vulnerabilities and weaknesses in the Short Message Service (SMS) protocol that allow the embedding of high capacity covert channels and show that an intruder, by exploiting these SMS vulnerabilities, can bypass the existing security infrastructure (including firewalls, intrusion detection systems, content filters) of a sensitive organization and the primitive content filtering software at an SMS Center.
Abstract: Covert Channels constitute an important security threat because they are used to exfiltrate sensitive information, to disseminate malicious code, and, more alarmingly, to transfer instructions to a criminal (or terrorist). This work presents zero day vulnerabilities and weaknesses, that we discovered, in the Short Message Service (SMS) protocol, that allow the embedding of high capacity covert channels. We show that an intruder, by exploiting these SMS vulnerabilities, can bypass the existing security infrastructure (including firewalls, intrusion detection systems, content filters) of a sensitive organization and the primitive content filtering software at an SMS Center (SMSC). We found that the SMS itself, along with its value added services (like picture SMS, ring tone SMS), appears to be much more susceptible to security vulnerabilities than other services in IP-based networks. To demonstrate the effectiveness of covert channels in SMS, we have used our tool GeheimSMS that practically embeds data bytes (not only secret, but also hidden) by composing the SMS in Protocol Description Unit (PDU) mode and transmitting it from a mobile device using a serial or Bluetooth link. The contents of the overt (benign) message are not corrupted; hence the secret communication remains unsuspicious during the transmission and reception of SMS. Our experiments on active cellular networks show that 1 KB of a secret message can be transmitted in less than 3 minutes by sending 26 SMS without raising an alarm over suspicious activity.

8 citations


Book Chapter•DOI•
28 Jun 2011
TL;DR: In this article, the authors proposed an SMS malformed message detection framework that extracts novel syntactical features from SMS messages at the access layer of a smart phone and uses standard distance measures to raise the final alarm.
Abstract: Malformed messages in different protocols pose a serious threat because they are used to remotely launch malicious activity. Furthermore, they are capable of crashing servers and end points, sometimes with a single message. Recently, it was shown that a malformed SMS can crash a mobile phone or gain unfettered access to it. In spite of this, little research has been done to protect mobile phones against malformed SMS messages. In this paper, we propose an SMS malformed message detection framework that extracts novel syntactical features from SMS messages at the access layer of a smart phone. Our framework operates in four steps: (1) it analyzes the syntax of the SMS protocol, (2) extracts syntactical features from SMS messages and represents them in a suffix tree, (3) uses well-known feature selection schemes to remove the redundancy in the features' set, and (4) uses standard distance measures to raise the final alarm. The benefit of our framework is that it is lightweight - requiring less processing and memory resources - and provides a high detection rate and small false alarm rate. We evaluated our system on a real-world SMS dataset consisting of more than 5000 benign and malformed SMS messages. The results of our experiments demonstrated that our framework achieves a detection rate of more than 99% with a false alarm rate of less than 0.005%. Last, but not least, its processing and memory requirements are relatively small; as a result, it can be easily deployed on resource-constrained smart phones or mobile devices.

2 citations


Journal Article•
TL;DR: It is shown that an intruder can bypass the existing security infrastructure of a sensitive organization and the primitive content filtering software at an SMS Center by exploiting zero day vulnerabilities in the Short Message Service (SMS) protocol that allow the embedding of high capacity covert channels.
Abstract: Covert Channels constitute an important security threat because they are used to exfiltrate sensitive information, to disseminate malicious code, and, more alarmingly, to transfer instructions to a criminal (or terrorist). This work presents zero day vulnerabilities and weaknesses, that we discovered, in the Short Message Service (SMS) protocol, that allow the embedding of high capacity covert channels. We show that an intruder, by exploiting these SMS vulnerabilities, can bypass the existing security infrastructure (including firewalls, intrusion detection systems, content filters) of a sensitive organization and the primitive content filtering software at an SMS Center (SMSC). We found that the SMS itself, along with its value added services (like picture SMS, ring tone SMS), appears to be much more susceptible to security vulnerabilities than other services in IP-based networks. To demonstrate the effectiveness of covert channels in SMS, we have used our tool GeheimSMS that practically embeds data bytes (not only secret, but also hidden) by composing the SMS in Protocol Description Unit (PDU) mode and transmitting it from a mobile device using a serial or Bluetooth link. The contents of the overt (benign) message are not corrupted; hence the secret communication remains unsuspicious during the transmission and reception of SMS. Our experiments on active cellular networks show that 1 KB of a secret message can be transmitted in less than 3 minutes by sending 26 SMS without raising an alarm over suspicious activity.

1 citation