Amr M. Youssef

On the analysis of the Zeus botnet crimeware toolkit

In this paper, we present our reverse engineering results for the Zeus crimeware toolkit which is one of the recent and powerful crimeware tools that emerged in the Internet underground community to control botnets. Zeus has reportedly infected over 3.6 million computers in the United States. Our analysis aims at uncovering the various obfuscation levels and shedding the light on the resulting code. Accordingly, we explain the bot building and installation/infection processes. In addition, we detail a method to extract the encryption key from the malware binary and use that to decrypt the network communications and the botnet configuration information. The reverse engineering insights, together with network traffic analysis, allow for a better understanding of the technologies and behaviors of such modern HTTP botnet crimeware toolkits and opens an opportunity to inject falsified information into the botnet communications which can be used to defame this crimeware toolkit.

Power quality disturbance classification using the inductive inference approach

This paper presents a novel approach for the classification of power quality disturbances. The approach is based on inductive learning by using decision trees. The wavelet transform is utilized to produce representative feature vectors that can accurately capture the unique and salient characteristics of each disturbance. In the training phase, a decision tree is developed for the power quality disturbances. The decision tree is obtained based on the features produced by the wavelet analysis through inductive inference. During testing, the signal is recognized using the rules extracted from the decision tree. The classification accuracy of the decision tree is not only comparable with the classification accuracy of artificial Neural networks, but also accounts for the explanation of the disturbance classification via the produced if... then rules.

Ultra-Dense Networks: A Survey

The exponential growth and availability of data in all forms is the main booster to the continuing evolution in the communications industry. The popularization of traffic-intensive applications including high definition video, 3-D visualization, augmented reality, wearable devices, and cloud computing defines a new era of mobile communications. The immense amount of traffic generated by todays customers requires a paradigm shift in all aspects of mobile networks. Ultradense network (UDN) is one of the leading ideas in this racetrack. In UDNs, the access nodes and/or the number of communication links per unit area are densified. In this paper, we provide a survey-style introduction to dense small cell networks. Moreover, we summarize and compare some of the recent achievements and research findings. We discuss the modeling techniques and the performance metrics widely used to model problems in UDN. Also, we present the enabling technologies for network densification in order to understand the state-of-the-art. We consider many research directions in this survey, namely, user association, interference management, energy efficiency, spectrum sharing, resource management, scheduling, backhauling, propagation modeling, and the economics of UDN deployment. Finally, we discuss the challenges and open problems to the researchers in the field or newcomers who aim to conduct research in this interesting and active area of research.

Hyper-bent Functions

Bent functions have maximal minimum distance to the set of affine functions. In other words, they achieve the maximal minimum distance to all the coordinate functions of affine monomials. In this paper we introduce a new class of bent functions which we call hyper-bent functions. Functions within this class achieve the maximal minimum distance to all the coordinate functions of all bijective monomials. We provide an explicit construction for such functions. We also extend our results to vectorial hyper-bent functions.

Disturbance classification utilizing dynamic time warping classifier

The application of deregulation policies in electric power systems results in the absolute necessity to quantify power quality. This fact highlights the need for a new classification strategy which is capable of tracking, detecting, and classifying power-quality events. In this paper, a new classification approach that is based on the dynamic time warping (DTW) algorithm is proposed. The new algorithm is supported by the vector quantization (VQ) and the fast match (FM) techniques to speed up the classification process. The Walsh transform (WT) and the fast Fourier transform (FFT) are adopted as feature extraction tools. The application of the combined fast match-dynamic time warping (FM-DTW) algorithms provides superior results in speed and accuracy compared to the traditional artificial neural networks and fuzzy logic classifiers. Moreover, the proposed classifier proves to have a very low sensitivity to noise levels.

Cryptographic properties of the Welch-Gong transformation sequence generators

Welch-Gong (WG) transformation sequences are binary sequences of period 2/sup n/ - 1 with two-level autocorrelation. These sequences were discovered by Golomb, Gong, and Gaal (1998) and they verified the validity of their construction for 5 /spl les/ n /spl les/ 20. Later, No, Chung, and Yun (1998) found another way to construct the WG sequences and verified their result for 5 /spl les/ n /spl les/ 20. Dillon (1998) first proved this result for odd n, and, finally, Dobbertin and Dillon (1999) proved it for even n. In this paper, we investigate a two-faced property of the WG transformation sequences for application in stream ciphers and pseudorandom number generators. One is to present the randomness or unpredictability of the WG transformation sequences. The other is to exhibit the security properties of the WG transformations regarded as Boolean functions. In particular, we prove that the WG transformation sequences, in addition to the known two-level autocorrelation and three-level cross correlation with m-sequences, have the ideal 2-tuple distribution, and large linear span increasing exponentially with n. Moreover, it can be implemented efficiently. This is the first type of pseudorandom sequences with good correlation, statistic properties, large linear span, and efficient implementation. When WG transformations are regarded as Boolean functions, they have high nonlinearity. We derive a criterion for the Boolean representation of WG transformations to be r-resilient and show that they are at least 1-resilient under some basis of the finite field GF (2/sup n/). An algorithm to find such bases is given. The degree and linear span of WG transformations are presented as well.

A Water-Filling Based Scheduling Algorithm for the Smart Grid

The processing and communication capabilities of the smart grid provide a solid foundation for enhancing its efficiency and reliability. These capabilities allow utility companies to adjust their offerings in a way that encourages consumers to reduce their peak hour consumption, resulting in a more efficient system. In this paper, we propose a method for scheduling a communitys power consumption such that it becomes almost flat. Our methodology utilizes distributed schedulers that allocate time slots to soft loads probabilistically based on precalculated and predistributed demand forecast information. This approach requires no communication or coordination between scheduling nodes. Furthermore, the computation performed at each scheduling node is minimal. Obtaining a relatively constant consumption makes it possible to have a relatively constant billing rate and eliminates operational inefficiencies. We also analyze the fairness of our proposed approach, the effect of the possible errors in the demand forecast, and the participation incentives for consumers.

Disturbance classification using Hidden Markov Models and vector quantization

This paper presents a novel approach to the classification of power quality disturbances by the employment of Hidden Markov Models. In these models, power quality disturbances are represented by a sequence of consecutive frames. Both the Fourier and Wavelet Transforms are utilized to produce sequence of spectral vectors that can accurately capture the salient characteristics of each disturbance. Vector Quantization is used to assign chain of labels for power quality disturbances utilizing their spectral vectors. From these labels, a separate Hidden Markov Model is developed for each class of the power quality disturbances in the training phase. During the testing stage, the unrecognized disturbance sequence is matched against all the developed Hidden Markov Models. The best-matched model pinpoints the class of the unknown disturbance. Simulation results prove the competence of the proposed algorithm.

Speaker recognition from encrypted VoIP communications

Most of the voice over IP (VoIP) traffic is encrypted prior to its transmission over the Internet. This makes the identity tracing of perpetrators during forensic investigations a challenging task since conventional speaker recognition techniques are limited to un-encrypted speech communications. In this paper, we propose techniques for speaker identification and verification from encrypted VoIP conversations. Our experimental results show that the proposed techniques can correctly identify the actual speaker for 70-75% of the time among a group of 10 potential suspects. We also achieve more than 10 fold improvement over random guessing in identifying a perpetrator in a group of 20 potential suspects. An equal error rate of 17% in case of speaker verification on the CSLU speaker recognition corpus is achieved.

Resistance of balanced s-boxes to linear and differential cryptanalysis

We study the marginal density of the XOR distribution table, and the linear approximation table entries of regular substitution boxes (s-boxes). Based on this, we show that the fraction of good s-boxes (with regard to immunity against linear and differential cryptanalysis) increases dramatically with the number of input variables.