Abdulghani Ali Ahmed

SLA-based complementary approach for network intrusion detection

Enhancing the intrusion detection system is essential to maintain user confidence in network services security. However, the threat of intruders on Internet services is prevalent. This paper proposes a distributed edge-to-edge complementary approach for intrusion detection in a DiffServ/MPLS domain. The QoS metrics are inspected at the edges routers to determine anomalous behavior in the network traffic. Consumed ratios of one-way delay variation (OWDV) and packet loss are computed to monitor service level agreement (SLA) violations. The bandwidth ratio is measured to differentiate abnormal from normal traffic as well as to detect multiple intrusions launched simultaneously. We employed SLA as a comparison scale to infer the deviation between the users consumed ratios and the predefined ratios in the SLA. Service violation occurs and intrusion may be launched when the predefined ratios are exceeded. The complementary services of DiffServ and MPLS techniques guarantee accurate measurements, whereas the complementary measurements of active and passive techniques immunize network performance against scalability limitation. Simulation results indicate that the proposed approach is capable of monitoring SLA violations and can filter out traffic of intruders who breach SLA without disturbing the normal traffic of legitimate users.

Filtration model for the detection of malicious traffic in large-scale networks

Abstract This study proposes a capable, scalable, and reliable edge-to-edge model for filtering malicious traffic through real-time monitoring of the impact of user behavior on quality of service (QoS) regulations. The model investigates user traffic, including that injected through distributed gateways and that destined to gateways that are experiencing actual attacks. Misbehaving traffic filtration is triggered only when the network is congested, at which point burst gateways generate an explicit congestion notification (ECN) to misbehaving users. To investigate the behavior of misbehaving user traffic, packet delay variation (PDV) ratios are actively estimated and packet transfer rates are passively measured at a unit time. Users who exceed the PDV bit rates specified in their service level agreements (SLAs) are filtered as suspicious users. In addition, suspicious users who exceed the SLA bandwidth bit rates are filtered as network intruders. Simulation results demonstrate that the proposed model efficiently filters network traffic and precisely detects malicious traffic.

Real-time detection of intrusive traffic in QoS network domains

A capable, scalable, and reliable model detects intrusive traffic by investigating the impact of user behavior on quality-of-service regulations in real time. The model also proposes reliable coordination for investigating user traffic, including traffic injected through several gateways. Traffic investigation is triggered only when the network is congested; at that moment, burst gateways generate an echo of explicit congestion notification to misbehaving users. The model investigates these users by measuring their bandwidth consumption ratios. User traffic that exceeds the service-level agreement bandwidth ratio is filtered as intrusive. Simulation results demonstrate that the proposed model efficiently monitors user behavior and detects intrusive traffic.

Service Violation Monitoring Model for Detecting and Tracing Bandwidth Abuse

Bandwidth abuse is a critical Internet service violation. However, its origins are difficult to detect and trace given similarities between abusive and normal traffic. So far, there is no capable and scalable mechanism to deal with bandwidth abuse. This paper proposes a distributed edge-to-edge model for monitoring service level agreement (SLA) violations and tracing abusive traffic to its origins. The mechanism of policing misbehaving user traffic at a single random early detection (RED) gateway is used in the distributed monitoring of SLA violations, including violations carried out through several gateways. Each RED gateway reports misbehaving users who have been sent notifications of traffic policing to an SLA monitoring unit. Misbehaving users are considered suspicious users and their consumed bandwidth shares are aggregated at every gateway to be compared with SLA-specified ratios. Bandwidth is abused when SLA-specified ratios are exceeded. By reporting bandwidth abuse, illegitimate users can be isolated from legitimate ones and source hosts of abusive traffic may be traced. Approximate simulation results show that the proposed model can detect any SLA violation and identify abusive users. In addition, the proposed model can trace user violations back to their source machines in real time.

Investigation Approach for Network Attack Intention Recognition

Sensitive information has critical risks when transmitted through computer networks. Existing protection systems still have limitations with treating network information with sufficient confidentia...Sensitive information has critical risks when transmitted through computer networks. Existing protection systems still have limitations with treating network information with sufficient confidentiality, integrity, and availability. The rapid development of network technologies helps increase network attacks and hides their malicious intentions. Attack intention is the ultimate attack goal that the attacker attempts to achieve by executing various intrusion methods or techniques. Recognizing attack intentions helps security administrator develop effective protection systems that can detect network attacks that have similar intentions. This paper analyses attack types and classifies them according to their malicious intent. An investigation approach based on similarity metric is proposed to recognize attacker plans and predict their intentions. The obtained results demonstrate that the proposed approach is capable of investigating similarity of attack signatures and recognizing the intentions of Network attack.

An Energy-Efficient Cross-Layer approach for cloud wireless green communications

In wireless sensor networks (WSN), energy consumption is one of the crucial issues. It is very important to conserve energy at each sensor node to prolong a network lifetime. The main challenge in WSN is to develop an energy efficient algorithm to minimize energy consumption during transmitting information from deployed sensors up to the cloud resources. Many researches have been studied the designing of energy efficient technique based on one-layer stack model approach. In this study, we propose Energy-Efficient Cross-Layer (EECL) approach by using the interaction of MAC layer and physical layer information to be exploited by a network layer to achieve energy efficient communication. More precisely, network layer could utilize the MAC layer and physical layer information to establish an energy efficient route path to be used in forwarding data. The proposed EECL approach uses X-MAC protocol in support of duty cycle which introduces short preambles that switches to wake-up/sensing mode only for nodes belonging to routing path while the other nodes set to be in sleep mode. The distance between nodes that influences energy consumption and Bit Error Rate (BER) are set to be the parameters which they are help in indicating the required power for each hop during route path selection in WSN and avoid the rely-hops that suffering from high average BER and with farther distance. We conduct the experiment using Matlab to evaluate the effectiveness of our proposed approach in terms of power consumption and obtained data rate. The results show that our proposed EECL approach outperforms its representatives in the ability of tuning the power utilized in respect with required data rate that could satisfy the desired Quality-of-Service (QoS).

Traceback model for identifying sources of distributed attacks in real time

Locating sources of distributed attack is time-consuming; attackers are identified long after the attack is completed. This paper proposes a trackback model for identifying attackers and locating their distributed sources in real time. Attackers are identified by monitoring violations of malicious end users on their bandwidth shares predefined in the service level agreement. Then, active connections of the malicious users are investigated to locate the host machines used as distributed sources of attack traffic. Mathematical model and simulation results demonstrate that the proposed model can reduce the required time for identifying malicious users and locating host machines used as the actual sources of attack packets. Copyright

Analyzing Data Remnant Remains on User Devices to Determine Probative Artifacts in Cloud Environment

Cloud storage service allows users to store their data online, so that they can remotely access, maintain, manage, and back up data from anywhere via the Internet. Although helpful, this storage creates a challenge to digital forensic investigators and practitioners in collecting, identifying, acquiring, and preserving evidential data. This study proposes an investigation scheme for analyzing data remnants and determining probative artifacts in a cloud environment. Using pCloud as a case study, this research collected the data remnants available on end‐user device storage following the storing, uploading, and accessing of data in the cloud storage. Data remnants are collected from several sources, including client software files, directory listing, prefetch, registry, network PCAP, browser, and memory and link files. Results demonstrate that the collected remnants data are beneficial in determining a sufficient number of artifacts about the investigated cybercrime.

Detection of Black Hole Attacks in Mobile Ad Hoc Networks via HSA-CBDS Method

Security is a critical problem in implementing mobile ad hoc networks (MANETs) because of their vulnerability to routing attacks. Although providing authentication to packets at each stage can reduce the risk, routing attacks may still occur due to the delay in time of reporting and analyzing the packets. Therefore, this authentication process must be further investigated to develop efficient security techniques. This paper proposes a solution for detecting black hole attacks on MANET by using harmony search algorithm (DBHSA), which uses harmony search algorithm (HSA) to mitigate the lateness problem caused by cooperative bait detection scheme (CBDS). Data are simulated and analyzed using MATLAB. The simulation results of HSA, DSR, and CBDS-DSR are provided. This study also evaluates the manner through which HSA can reduce the inherent delay of CBDS. The proposed approach detects and prevents malicious nodes, such as black hole attacks that are launched in MANETs. The results further confirm that the HSA performs better than CBDS and DSR.

Epilepsy Detection from EEG Signals Using Artificial Neural Network

In the field of medical science, one of the major recent researches is the diagnosis of the abnormalities in brain. Electroencephalogram (EEG) is a record of neuro signals that occur due the different electrical activities in the brain. These signals can be captured and processed to get the useful information that can be used in early detection of some mental and brain diseases. Suitable analysis is essential for EEG to differentiate between normal and abnormal signals in order to detect epilepsy which is one of the most common neurological disorders. Epilepsy is a recurrent seizure disorder caused by abnormal electrical discharges from the brain cells, often in the cerebral cortex. This research focuses on the usefulness of EGG signal in detecting seizure activities in brainwaves. Artificial Neural Network (ANN) is used to train the data set. Then tests are conducted on the test data of EEG signals to identify normal (non-seizure) and abnormal (seizure) states of the brain. Finally, accuracy is computed to evaluate the performance of ANN. The experiments are carried out on CHB-MIT Scalp EEG Database. The experiments show plausible results from the proposed approach in terms of accuracy.