Showing papers by "Qusay H. Mahmoud" published in 2021


Journal Article
TL;DR: In this article, a novel anomaly-based IDS (Intrusion Detection System) using machine learning techniques to detect and classify attacks in IoT networks is proposed, where a convolutional neural network model is used to create a multiclass classification model.
Abstract: The growing development of IoT (Internet of Things) devices creates a large attack surface for cybercriminals to conduct potentially more destructive cyberattacks; as a result, the security industry has seen an exponential increase in cyber-attacks. Many of these attacks have effectively accomplished their malicious goals because intruders conduct cyber-attacks using novel and innovative techniques. An anomaly-based IDS (Intrusion Detection System) uses machine learning techniques to detect and classify attacks in IoT networks. In the presence of unpredictable network technologies and various intrusion methods, traditional machine learning techniques appear inefficient. In many research areas, deep learning methods have shown their ability to identify anomalies accurately. Convolutional neural networks are an excellent alternative for anomaly detection and classification due to their ability to automatically categorize main characteristics in input data and their effectiveness in performing faster computations. In this paper, we design and develop a novel anomaly-based intrusion detection model for IoT networks. First, a convolutional neural network model is used to create a multiclass classification model. The proposed model is then implemented using convolutional neural networks in 1D, 2D, and 3D. The proposed convolutional neural network model is validated using the BoT-IoT, IoT Network Intrusion, MQTT-IoT-IDS2020, and IoT-23 intrusion detection datasets. Transfer learning is used to implement binary and multiclass classification using a convolutional neural network multiclass pre-trained model. Our proposed binary and multiclass classification models have achieved high accuracy, precision, recall, and F1 score compared to existing deep learning implementations.

130 citations


Journal Article
TL;DR: In this paper, a systematic review of blockchain's application in the field of consent and privacy data management is presented, which is formed on the principles of the Preferred Reporting Items for Systematic Reviews and Meta-Analysis (PRISMA).

27 citations


Proceedings Article
22 Mar 2021
TL;DR: In this article, the authors discuss the design and development of ElectionBlock, a voting system that provides its own blockchain, running on a centralized network of nodes, with the integration of a biometric scanner, to maintain vote integrity and distinguish between registered and unregistered voters.
Abstract: Voting is the method of choice used to make a large number of democratic decisions amongst many groups of people. Regardless of whether the method is used in professional or casual scenarios, it provides a fair and efficient way to determine a decision based on the majority. In smaller groups, keeping track of voter decisions is not a difficult task, however, in situations where there are hundreds of thousands of voters, keeping a precise record of voter decisions becomes important and more difficult. The advancements in blockchain technology provide a potential solution to the record-keeping problem of contemporary voting procedures, as blockchain technology by design, excels in applications where multiple users are working on immutable data. In this paper we discuss the design and development of ElectionBlock, a voting system that provides its own blockchain, running on a centralized network of nodes, with the integration of a biometric scanner, to maintain vote integrity and distinguish between registered and unregistered voters. This scheme allows data immutability while providing the user with security and control over their ballot. Experimental results demonstrate the potential for scalability of the system to handle a high volume of votes from multiple servers while maintaining data integrity, performance, and security. This paper will address the considerations taken to develop and implement the centralized and independent blockchain network for use as a voting platform with the integration of biometrics for the purpose of enhanced user security.

21 citations


Journal Article
TL;DR: This systematic review defines (a) transfer learning; (b) discusses the recent research conducted; (c) the current status of transfer learning and finally, (d) discusses how transfer learning can bridge the gap between the virtual and the real.
Abstract: Machine learning has become an important research area in many domains and real-world applications. The prevailing assumption in traditional machine learning techniques, that training and testing data should be of the same domain, is a challenge. In the real world, gathering enough training data to create high-performance learning models is not easy. Sometimes data are not available, very expensive, or dangerous to collect. In this scenario, the concept of machine learning does not hold up to its potential. Transfer learning has recently gained much acclaim in the field of research as it has the capability to create high performance learners through virtual environments or by using data gathered from other domains. This systematic review defines (a) transfer learning; (b) discusses the recent research conducted; (c) the current status of transfer learning and finally, (d) discusses how transfer learning can bridge the gap between the virtual and real-world.

15 citations


Journal Article
TL;DR: In this article, a hybrid multi-task learning-oriented approach for the optimization of DRL agents operating within different but semantically similar environments with related tasks is presented, where multiple, individual actor-critic models functioning within independent environments and transferring knowledge among themselves through a global network to optimize performance.
Abstract: Driven by recent technological advancements within the field of artificial intelligence (AI), deep learning (DL) has emerged as a promising representation learning technique across different machine learning (ML) classes, especially within the reinforcement learning (RL) arena. This new direction has given rise to the evolution of a new technological domain named deep reinforcement learning (DRL) that combines the high representational learning capabilities of DL with existing RL methods. Performance optimization achieved by RL-based intelligent agents designed with model-free-based approaches was majorly limited to systems with RL algorithms focused on learning a single task. The aforementioned approach was found to be quite data inefficient, whenever DRL agents needed to interact with more complex, data-rich environments. This is primarily due to the limited applicability of DRL algorithms to many scenarios across related tasks from the same distribution. One of the possible approaches to mitigate this issue is by adopting the method of multi-task learning. The objective of this research paper is to present a hybrid multi-task learning-oriented approach for the optimization of DRL agents operating within different but semantically similar environments with related tasks. The proposed framework will be built with multiple, individual actor-critic models functioning within independent environments and transferring knowledge among themselves through a global network to optimize performance. The empirical results obtained by the hybrid multi-task learning model on OpenAI Gym based Atari 2600 video gaming environment demonstrate that the proposed model enhances the performance of the DRL agent relatively in the range of 15% to 20% margin.

10 citations


Proceedings Article
15 Apr 2021
TL;DR: In this paper, a machine learning technique was used to identify IoT devices linked to the network by analyzing network flow sent and received, and the proposed scheme achieved 100% precision, precision, recall, and F score via a full features dataset, reduced features dataset and flow-based features dataset.
Abstract: Security and privacy issues are being raised as smart systems are integrated into our daily lives. New security issues have emerged with several new vendors that develop the Internet of Things (IoT) products. The contents and patterns of network traffic will expose vulnerable IoT devices to intruders. New methods of network assessment are needed to evaluate the type of network connected IoT devices. IoT device recognition would provide a comprehensive structure for the development of stable IoT networks. This paper chooses a machine learning technique to identify IoT devices linked to the network by analyzing network flow sent and received. To generate network traffic data, we have developed a dataset adapted from the IoT23 Pcap files to experiment with a smart home network. We have created a model to identify the IoT device based on network traffic analysis. We evaluate our proposed model via full features dataset, reduced features dataset, and flow-based features dataset. This paper focuses on using flow-based features to identify the IoT device connected to the network. Our proposed scheme results in 100% precision, precision, recall, and F score via a full features dataset, reduced features dataset, and flow-based features dataset. Through evaluations using our produced dataset, we demonstrate that the proposed model can accurately classify IoT devices.

7 citations


Journal Article
TL;DR: A user authentication model based on app access and network generated traffic patterns while accessing apps, utilizing a small amount of information is presented, which proves the effectiveness and usability of the proposed model.
Abstract: Access to a variety of Internet of Things networks can be achieved through end-user devices such as smartphones or tablets. However, these devices are susceptible to theft, loss or unauthorized access. Although end-user devices are equipped with different means of authentication such as fingerprint readers, these methods are only employed at the time of access. Hence, an effective authentication mechanism that continuously authenticates users in the background is required in order to detect unauthorized access. A rich set of information can be extracted from end-user devices and utilized in the background to continuously authenticate users without requiring further intervention. As an example, the ability to continuously retrieve application usage profiles and sensor data on such devices strengthens the argument for employing behavioral-based mechanisms for continuous user authentication. This paper, which discusses behavioral-based authentication mechanisms with regard to security and usability, presents a user authentication model based on app access and network generated traffic patterns while accessing apps, utilizing a small amount of information. To validate our model, we use a public real-world dataset collected, in an uncontrolled manner, from real users over a long time period. The presented model can authenticate users with a minimum F-measure of 98%, utilizing both access time patterns and network traffic patterns. Overall, the results are promising, and the achieved high degree of accuracy proves the effectiveness and usability of the proposed model.

6 citations


Journal Article
01 Jan 2021
TL;DR: In this article, the authors introduce a framework for adversary modeling and feedback generation on what the adversary may learn from the various side-channel information sources, such as CPU acoustic noise, encrypted network traffic patterns, and computer monitor ambient light.
Abstract: Computer and network security is an ever important field of study as information processed by these systems is of ever increasing value. The state of research on direct attacks, such as exploiting memory safety or shell input errors is well established and a rich set of testing tools are available for these types of attacks. Machine-learning based intrusion detection systems are also available and are commonly deployed in production environments. What is missing, however, is the consideration of implicit information flows, or side-channels. Research has revealed side-channels formed by everything from CPU acoustic noise, to encrypted network traffic patterns, to computer monitor ambient light. Furthermore, no portable method exists for distributing side-channel test cases. This paper introduces a framework for adversary modeling and feedback generation on what the adversary may learn from the various side-channel information sources. The framework operates by monitoring two data streams; the first being the stream of side-channel cues, and the second being the stream of private system activity. These streams are used for training and evaluating a machine learning classifier to determine its performance of private system activity prediction. A prototype has been built to evaluate side-channel effects on four popular scenarios.

4 citations


Proceedings Article
15 Apr 2021
TL;DR: In this paper, a parallel multi-task learning (PMTL) approach is proposed for the optimization of deep reinforcement learning agents operating within two different but semantically similar environments with related tasks.
Abstract: As an outcome of the technological advancements that occurred within the artificial intelligence (AI) domain in recent times, deep learning (DL) has established its position as a prominent representation learning method for all forms of machine learning (ML), including reinforcement learning (RL). Subsequently, this led to the evolution of deep reinforcement learning (DRL), which combines deep learning’s high representational learning capabilities with current reinforcement learning methods. Undoubtedly, this new direction has played a pivotal role in the performance optimization of intelligent RL systems designed by following a model-free based methodology. Optimization of the performance achieved with this methodology was majorly restricted to intelligent systems having reinforcement learning algorithms designed to learn a single task at a time. Simultaneously, the single task-based learning method was observed to be quite inefficient in terms of data, especially when such intelligent systems were required to operate under too complex as well as data rich conditions. The prime reason for this was the restricted application of existing methods to a wide range of scenarios, and associated tasks from those operating environments. One of the possible approaches to mitigate this issue is by adopting the method of multi-task learning. The objective of this research paper is to present a parallel multi-task learning (PMTL) approach for the optimization of deep reinforcement learning agents operating within two different but semantically similar environments with related tasks. The proposed framework will be built with multiple individual actor-critic models functioning within each environment and transferring the knowledge among themselves through a global network to optimize the performance.

2 citations


Proceedings Article
15 Apr 2021
TL;DR: In this paper, a failure prediction model using a deep learning approach is proposed to improve the performance of cloud applications by reducing the number of failed jobs in a large-scale environment.
Abstract: Many cloud service providers face significant challenges in preventing hardware and software failure from occurring. Due to the large scale and heterogeneous nature of cloud computing, cloud services continue to experience failures in their components. A significant proportion of previous studies have focused on the characterization of failed jobs and understanding their behavior, while a few studies have focused on failure prediction, with a focus on increasing the accuracy of failure prediction models. This paper presents the development and implementation of a failure prediction model using a deep learning approach. The proposed model can identify and detect failed tasks early on before they occur. The key feature of the failure prediction model is to improve the performance of cloud applications by reducing the number of failed jobs. In order to investigate the behavior of failure and apply the prediction of failure to the large-scale environment, we used three different traces, namely Google Cluster Trace, Mustang and Trinity. Moreover, we have evaluated the proposed model performance using different evaluation metrics to ensure that the proposed model provides the highest accuracy of predicted values. The proposed model is designed and implemented to achieve high accuracy for failure prediction, regardless of whether the model uses a large or small trace size. The evaluation results show that our proposed model achieved a high precision, recall and f1 score.

2 citations


Journal Article
TL;DR: This work presents a feature-based anomaly detection framework called PESKEA, which exploits the statistical variance of the features in the execution traces of an embedded OS to perform trace classification, and subsequently, anomaly detection.
Abstract: In the software development life cycle, we use the execution traces of a given application to examine the behavior of the software when an error occurs or to monitor the software performance and compliance. However, this type of application trace analysis focuses on checking the performance of the software against its design goals. Conversely, the operating system (OS) sits between the application and the hardware, and traces logged from this layer capture the behavior of the embedded system and not just the application. Hence, an analysis of the kernel events captures the system-wide performance of the embedded system. Consequently, we present a feature-based anomaly detection framework called PESKEA, which exploits the statistical variance of the features in the execution traces of an embedded OS to perform trace classification, and subsequently, anomaly detection. We test PESKEA with two public datasets we refer to as Dataset I and Dataset II. On Dataset I, PESKEA results show a 3 to 6 percent improvement in the true positive rate (TPR) of Dataset I compared to the previous work tested on this dataset, and scores between 88.37 to 100 percent in Dataset II. We hope to test PESKEA on non-UAV embedded control application datasets in future work.

Proceedings Article
15 Apr 2021
TL;DR: SocialSDN as discussed by the authors utilizes concepts from social networking and software-defined networking to build a tool which addresses many of the issues holding back mass adoption of end-to-end encrypted network services.
Abstract: End-to-end encrypted (E2EE) network services can be classified into 1) network services that provide native end-to-end encryption and 2) non-encrypted services transported through secure tunnels. While the first solution of native E2EE applications lacks generality and standardization, the second option of secure tunnels shows itself to be a promising solution, yet the current state-of-the-art still possesses several drawbacks. Primarily, the current state-of-the-art for establishing a secure tunnel for arbitrary IP traffic between two or more users requires significant technical expertise. Secondly, due to side-channel effects, the current state-of-the-art for cryptographically protected network tunnels may leak sensitive information through traffic pattern analysis. Lastly, the current state-of-the-art for this type of networking lacks elegance and convenience and therefore users often settle for less secure non-E2EE services. In this paper, we present SocialSDN which utilizes concepts from social networking and software-defined networking to build a tool which addresses many of the issues holding back mass adoption of E2EE network services.

Proceedings Article
10 Mar 2021
TL;DR: In this article, the authors proposed an efficient machine learning methodology based on the mixed-criticality approach feasible to safety-critical systems, and further investigated on the key issue of applicability of machine learning with safety-critical systems.
Abstract: Driven by the recent technological advancements in the field of artificial intelligence, machine learning has emerged as a promising representation learning and decision-making method in many technological domains. Inspired by these impressive results, machine learning techniques are now also being applied to address the decision-making and control problems in the area of cyber-physical systems. For instance, some of these systems fall under the category of safety-critical systems such as chemical plants, autonomous vehicles, surgical robots, and modern medical equipment. One of the major performance issues related to the applicability of machine learning with safety-critical systems is related to the probability-based prediction nature of machine learning components used within such systems. This particular characteristic of machine learning makes it extremely difficult to guarantee safety as directed by standards such as ISO 26262. More importantly, the non-transparent and complex nature of machine learning algorithms makes both the reasoning as well as formally establishing the safety aspects of the underlying system extremely difficult. The objective of this research work is to investigate this key issue, and further to propose an efficient machine learning methodology based on the mixed-criticality approach feasible to safety-critical systems.