Ainuddin Wahid Abdul Wahab

A review on feature selection in mobile malware detection

The widespread use of mobile devices in comparison to personal computers has led to a new era of information exchange. The purchase trends of personal computers have started decreasing whereas the shipment of mobile devices is increasing. In addition, the increasing power of mobile devices along with portability characteristics has attracted the attention of users. Not only are such devices popular among users, but they are favorite targets of attackers. The number of mobile malware is rapidly on the rise with malicious activities, such as stealing users data, sending premium messages and making phone call to premium numbers that users have no knowledge. Numerous studies have developed methods to thwart such attacks. In order to develop an effective detection system, we have to select a subset of features from hundreds of available features. In this paper, we studied 100 research works published between 2010 and 2014 with the perspective of feature selection in mobile malware detection. We categorize available features into four groups, namely, static features, dynamic features, hybrid features and applications metadata. Additionally, we discuss datasets used in the recent research studies as well as analyzing evaluation measures utilized.

Network forensics: Review, taxonomy, and open challenges

In recent years, a number of network forensics techniques have been proposed to investigate the increasing number of cybercrimes. Network forensics techniques assist in tracking internal and external network attacks by focusing on inherent network vulnerabilities and communication mechanisms. However, investigation of cybercrime becomes more challenging when cyber criminals erase the traces in order to avoid detection. Therefore, network forensics techniques employ mechanisms to facilitate investigation by recording every single packet and event that is disseminated into the network. As a result, it allows identification of the origin of the attack through reconstruction of the recorded data. In the current literature, network forensics techniques are studied on the basis of forensic tools, process models and framework implementations. However, a comprehensive study of cybercrime investigation using network forensics frameworks along with a critical review of present network forensics techniques is lacking. In other words, our study is motivated by the diversity of digital evidence and the difficulty of addressing numerous attacks in the network using network forensics techniques. Therefore, this paper reviews the fundamental mechanism of network forensics techniques to determine how network attacks are identified in the network. Through an extensive review of related literature, a thematic taxonomy is proposed for the classification of current network forensics techniques based on its implementation as well as target data sets involved in the conducting of forensic investigations. The critical aspects and significant features of the current network forensics techniques are investigated using qualitative analysis technique. We derive significant parameters from the literature for discussing the similarities and differences in existing network forensics techniques. The parameters include framework nature, mechanism, target dataset, target instance, forensic processing, time of investigation, execution definition, and objective function. Finally, open research challenges are discussed in network forensics to assist researchers in selecting the appropriate domains for further research and obtain ideas for exploring optimal techniques for investigating cyber-crimes.

Precipitation Estimation Using Support Vector Machine with Discrete Wavelet Transform

Precipitation prediction is of dispensable importance in many hydrological applications. In this study, monthly precipitation data sets from Serbia for the period 1946–2012 were used to estimate precipitation. To fulfil this objective, three mathematical techniques named artificial neural network (ANN), genetic programming (GP) and support vector machine with wavelet transform algorithm (WT-SVM) were applied. The mean absolute error (MAE), mean absolute percentage error (MAPE), root mean square error (RMSE), Pearson correlation coefficient (r) and coefficient of determination (R2) were used to evaluate the performance of the WT-SVM, GP and ANN models. The achieved results demonstrate that the WT-SVM outperforms the GP and ANN models for estimating monthly precipitation.

A Comprehensive Review on Adaptability of Network Forensics Frameworks for Mobile Cloud Computing

Network forensics enables investigation and identification of network attacks through the retrieved digital content. The proliferation of smartphones and the cost-effective universal data access through cloud has made Mobile Cloud Computing (MCC) a congenital target for network attacks. However, confines in carrying out forensics in MCC is interrelated with the autonomous cloud hosting companies and their policies for restricted access to the digital content in the back-end cloud platforms. It implies that existing Network Forensic Frameworks (NFFs) have limited impact in the MCC paradigm. To this end, we qualitatively analyze the adaptability of existing NFFs when applied to the MCC. Explicitly, the fundamental mechanisms of NFFs are highlighted and then analyzed using the most relevant parameters. A classification is proposed to help understand the anatomy of existing NFFs. Subsequently, a comparison is given that explores the functional similarities and deviations among NFFs. The paper concludes by discussing research challenges for progressive network forensics in MCC.

Topology Discovery in Software Defined Networks: Threats, Taxonomy, and State-of-the-Art

The fundamental role of the software defined networks (SDNs) is to decouple the data plane from the control plane, thus providing a logically centralized visibility of the entire network to the controller. This enables the applications to innovate through network programmability. To establish a centralized visibility, a controller is required to discover a network topology of the entire SDN infrastructure. However, discovering a network topology is challenging due to: 1) the frequent migration of the virtual machines in the data centers; 2) lack of authentication mechanisms; 3) scarcity of the SDN standards; and 4) integration of security mechanisms for the topology discovery. To this end, in this paper, we present a comprehensive survey of the topology discovery and the associated security implications in SDNs. This survey provides discussions related to the possible threats relevant to each layer of the SDN architecture, highlights the role of the topology discovery in the traditional network and SDN, presents a thematic taxonomy of topology discovery in SDN, and provides insights into the potential threats to the topology discovery along with its state-of-the-art solutions in SDN. Finally, this survey also presents future challenges and research directions in the field of SDN topology discovery.

Cloud Log Forensics: Foundations, State of the Art, and Future Directions

Cloud log forensics (CLF) mitigates the investigation process by identifying the malicious behavior of attackers through profound cloud log analysis. However, the accessibility attributes of cloud logs obstruct accomplishment of the goal to investigate cloud logs for various susceptibilities. Accessibility involves the issues of cloud log access, selection of proper cloud log file, cloud log data integrity, and trustworthiness of cloud logs. Therefore, forensic investigators of cloud log files are dependent on cloud service providers (CSPs) to get access of different cloud logs. Accessing cloud logs from outside the cloud without depending on the CSP is a challenging research area, whereas the increase in cloud attacks has increased the need for CLF to investigate the malicious activities of attackers. This paper reviews the state of the art of CLF and highlights different challenges and issues involved in investigating cloud log data. The logging mode, the importance of CLF, and cloud log-as-a-service are introduced. Moreover, case studies related to CLF are explained to highlight the practical implementation of cloud log investigation for analyzing malicious behaviors. The CLF security requirements, vulnerability points, and challenges are identified to tolerate different cloud log susceptibilities. We identify and introduce challenges and future directions to highlight open research areas of CLF for motivating investigators, academicians, and researchers to investigate them.

A data hiding scheme using parity-bit pixel value differencing and improved rightmost digit replacement

The fundamental objectives of image steganographic algorithm are to simultaneously achieve high payload, good visual imperceptibility, and security. This paper proposes a new data hiding method that increases visual quality and payload, as well as maintains steganographic security. The proposed scheme consists of two novel methods of parity-bit pixel value difference (PBPVD) and improved rightmost digit replacement (iRMDR). It partitions the cover image into two non-overlapping pixel blocks. The difference value between pixels in each block is used to determine the selection of PBPVD and iRMDR. According to the experimental results, the iRMDR method attains the best closest stego-pixels for good visual imperceptibility by resolving the region inconsistency problem in the existing RMDR method. In addition, the method reduces the risk of regular/singular (RS) detection attacks caused by its pixel-digit replacement nature. The PBPVD method exploits the pixel value difference (PVD) to adjust an extra parity bit that increases the payload while retaining the similar visual quality of PVD. Moreover, the iterative readjustment process of PBPVD minimizes the underflow/overflow problem. Overall, the proposed method achieves the steganographic objectives and reduces the detection artifacts against RS and pixel difference histogram analysis. A novel embedding method based on pixel difference and digit replacement techniques.This improves the embedding capacity of classical pixel difference method.The closest selection process is used to maintain the visual imperceptibility.This method reduces the risk of RS and PDH steganalysis detection attacks.

Low communication cost (LCC) scheme for localizing mobile wireless sensor networks

Abstract In recent years, the number of applications utilizing mobile wireless sensor networks (WSNs) has increased, with the intent of localization for the purposes of monitoring and obtaining data from hazardous areas. Location of the event is very critical in WSN, as sensing data is almost meaningless without the location information. In this paper, two Monte Carlo based localization schemes termed MCL and MSL* are studied. MCL obtains its location through anchor nodes whereas MSL* uses both anchor nodes and normal nodes. The use of normal nodes would increase accuracy and reduce dependency on anchor nodes, but increases communication costs. For this reason, we introduce a new approach called low communication cost schemes to reduce communication cost. Unlike MSL* which chooses all normal nodes found in the neighbor, the proposed scheme uses set theory to only select intersected nodes. To evaluate our method, we simulate in our proposed scheme the use of the same MSL* settings and simulators. From the simulation, we find out that our proposed scheme is able to reduce communication cost—the number of messages sent—by a minimum of 0.02 and a maximum of 0.30 with an average of 0.18, for varying node densities from 6 to 20, while nonetheless able to retain similar MSL* accuracy rates.

Forensic challenges in mobile cloud computing

Mobile cloud computing (MCC) is fast becoming one of the most essential research topics for distributed resource networks. Users can easily access cloud while offloading their mobile applications from anywhere anytime. Being easy to access, intruder attacks mobile networks to acquire credential from mobile applications inside and outside the cloud computing. To investigate intruders attacks, digital investigator has to identify the root cause of the attack. However, investigating MCC infrastructure is difficult due to its characteristics of virtualization, dispersion of data, multi tenancy, interoperability, and mobility. In this paper, we present an overview of MCC and digital forensics, focusing on its key aspects and significant forensic challenges faced by digital investigators in MCC. The purpose of this paper is to provide a comprehensive understanding about forensic research challenges and re-direct researchers towards new research areas.

A novel forged blurred region detection system for image forensic applications

As new technologies and devices are introduced in the market, the crime rate also increases in developing and developed countries. One such crime is image forgery which can be detected by forensic applications. In this paper, we propose a novel idea for identifying forgery attack done by blur artifact unlike existing forgery attack done by geometrical distortion such as rotation and scaling. The proposed method segment region of interest from the input forgery image based on the combination of statistical analysis with color texture analysis which includes blur artifact region. For each region of interest, we propose a new method for estimating degree of blur to separate forged blur artifact and normal blur artifact. In order to validate the identified forged blur artifact, we explore Fourier and Gabor texture features to study the structure of the forged blur artifact which eliminates false blur forged blur artifact. To evaluate the proposed forged blurred region detection method, we use two standard databases namely, Image data manipulation, and MICC-F220 for experimentation. Experimental results of the proposed method with existing methods show that the proposed method outperforms the existing methods in terms of forged blur artifact region detection.