Ammar Alazab

Cybercrime: The Case of Obfuscated Malware

Cybercrime has rapidly developed in recent years and malware is one of the major security threats in computer which have been in existence from the very early days. There is a lack of understanding of such malware threats and what mechanisms can be used in implementing security prevention as well as to detect the threat. The main contribution of this paper is a step towards addressing this by investigating the different techniques adopted by obfuscated malware as they are growingly widespread and increasingly sophisticated with zero-day exploits. In particular, by adopting certain effective detection methods our investigations show how cybercriminals make use of file system vulnerabilities to inject hidden malware into the system. The paper also describes the recent trends of Zeus botnets and the importance of anomaly detection to be employed in addressing the new Zeus generation of malware.

Performance evaluation of e-government services using balanced scorecard: an empirical study in Jordan

Purpose – The purpose of this paper is to emphasise on a balance between quantitative and qualitative measures, and examine the use of Balanced Scorecard to evaluate and estimate the performance of information and communication technologies (ICT) in delivering valuable e‐government services through the internet.Design/methodology/approach – This study tests the hypotheses of e‐government effectiveness using Balanced Scorecard technique by incorporating qualitative measures within a quantitative research methodology with data collected by means of a survey questionnaire. The survey sample of 383 stakeholders includes common customers, employees of e‐government, and employees from the IT sector. The survey data were analysed to test the hypothesis in measuring e‐government effectiveness from Balanced Scorecards four dimensions: customer perspective, financial perspective, internal business process perspective, and innovation and learning perspective.Findings – The results show that the Balanced Scorecard f...

Using feature selection for intrusion detection system

A good intrusion system gives an accurate and efficient classification results. This ability is an essential functionality to build an intrusion detection system. In this paper, we focused on using various training functions with feature selection to achieve high accurate results. The data we used in our experiments are NSL-KDD. However, the training and testing time to build the model is very high. To address this, we proposed feature selection based on information gain, which can contribute to detect several attack types with high accurate result and low false rate. Moreover, we performed experiments to classify each of the five classes (normal, probe, denial of service (DoS), user to super-user (U2R), and remote to local (R2L). Our proposed outperform other state-of-art methods.

Using response action with intelligent intrusion detection and prevention system against web application malware

– The purpose of this paper is to mitigate vulnerabilities in web applications, security detection and prevention are the most important mechanisms for security. However, most existing research focuses on how to prevent an attack at the web application layer, with less work dedicated to setting up a response action if a possible attack happened. , – A combination of a Signature-based Intrusion Detection System (SIDS) and an Anomaly-based Intrusion Detection System (AIDS), namely, the Intelligent Intrusion Detection and Prevention System (IIDPS). , – After evaluating the new system, a better result was generated in line with detection efficiency and the false alarm rate. This demonstrates the value of direct response action in an intrusion detection system. , – Data limitation. , – The contributions of this paper are to first address the problem of web application vulnerabilities. Second, to propose a combination of an SIDS and an AIDS, namely, the IIDPS. Third, this paper presents a novel approach by connecting the IIDPS with a response action using fuzzy logic. Fourth, use the risk assessment to determine an appropriate response action against each attack event. Combining the system provides a better performance for the Intrusion Detection System, and makes the detection and prevention more effective.

Six Sigma Approach to Improve Quality in E-Services: An Empirical Study in Jordan

This paper investigates the application of the Six Sigma approach to improve quality in electronic services e-services as more countries are adopting e-services as a means of providing services to their people through the Web. This paper presents a case study about the use of Six Sigma model to measure customer satisfaction and quality levels achieved in e-services that were recently launched by public sector organisations in a developing country, such as Jordan. An empirical study consisting of 280 customers of Jordans e-services is conducted and problems are identified through the DMAIC phases of Six Sigma. The service quality levels are measured and analysed using six main criteria: Website Design, Reliability, Responsiveness, Personalization, Information Quality, and System Quality. The study indicates a 74% customer satisfaction with a Six Sigma level of 2.12 has enabled the Greater Amman Municipality to identify the usability issues associated with their e-services offered by public sector organisations. The aim of the paper is not only to implement Six Sigma as a measurement-based strategy for improving e-customer service in a newly launched e-service programme, but also widen its scope in investigating other service dimensions and perform comparative studies in other developing countries.

Crime Toolkits: The Productisation of Cybercrime

The productisation of crime toolkits is happening at an ever-increasing rate. Previous attacks that required in-depth knowledge of computer systems can now be purchased online. Large scale attacks previously requiring months to set-up a botnet can now be scheduled for a small fee. Criminals are leveraging this opportunity of commercialization, by compromising web applications and users browser, to gain advantages such as using the computers resources for launching further attacks, or stealing data such as identifying information.Crime toolkits are being developed to attack an increasing number of applications and can now be deployed by attackers with little technical knowledge. This paper surveys the current trends in crime toolkits, with a case study on the Zeus botnet. We profile the types of exploits that malicious writers prefer, with a view to predicting future attack trends. We find that the scope for damage is increasing, particularly as specialisation and scale increase in cybercrime.

Malware detection and prevention system based on multi-stage rules

The continuously rising Internet attacks pose severe challenges to develop an effective Intrusion Detection System (IDS) to detect known and unknown malicious attack. In order to address the problem of detecting known, unknown attacks and identify an attack grouped, the authors provide a new multi stage rules for detecting anomalies in multi-stage rules. The authors used the RIPPER for rule generation, which is capable to create rule sets more quickly and can determine the attack types with smaller numbers of rules. These rules would be efficient to apply for Signature Intrusion Detection System (SIDS) and Anomaly Intrusion Detection System (AIDS).

Developing an Intelligent Intrusion Detection and Prevention System against Web Application Malware

Malware authors are continuously developing crime toolkits. This has led to the situation of zero-day attacks, where malware harm computer systems despite the protection from existing Intrusion Detection Systems (IDSs). We propose an Intelligent Intrusion Detection and Prevention System (IIDPS) approach that combines the Signature based Intrusion Detection system (SIDS), Anomaly based Intrusion Detection System (AIDS) and Response Intrusion Detection System (RIDS). We used a risk assessment approach to determine an appropriate response action against each attack event. We also demonstrated the IIDPS make the detection and prevention of malware more effective.

GOM: New genetic optimizing model for broadcasting tree in MANET

Data broadcasting in a mobile ad-hoc network (MANET) is the main method of information dissemination in many applications, in particular for sending critical information to all hosts. Finding an optimal broadcast tree in such networks is a challenging task due to the broadcast storm problem. The aim of this work is to propose a new genetic model using a fitness function with the primary goal of finding an optimal broadcast tree. Our new method, called Genetic Optimisation Model (GOM) alleviates the broadcast storm problem to a great extent as the experimental simulations result in efficient broadcast tree with minimal flood and minimal hops. The result of this model also shows that it has the ability to give different optimal solutions according to the nature of the network.

Crime Toolkits: The Current Threats to Web Applications

Abstract Increasingly, web applications are being developed over the Internet. Securing these web applications is becoming important as they hold critical security features. However, cybercriminals are becoming smarter by developing a crime toolkit, and employing sophisticated techniques to evade detection. These crime toolkits can be used by any person to target Internet users. In this paper, we explore the techniques used in crime toolkits. We present a current state-of-the-art analysis of crime toolkits and focus on attacks against web applications. The crime toolkit techniques are compared with the vulnerability of web applications to help reveal particular behavior such as popular web application vulnerabilities that malicious writers prefer. In addition, we outline the existing protection mechanism, and observe that the possibility for damage is rising, particularly as specialization and scale increase in cybercrime.