Azizah Abdul Manaf

Botnet Command and Control Mechanisms

Botnet is most widespread and occurs commonly in todays cyber attacks, resulting in serious threats to our network assets and organizations properties. Botnets are collections of compromised computers (Bots) which are remotely controlled by its originator (BotMaster) under a common Commond-and-Control (C & C) infrastructure. They are used to distribute commands to the Bots for malicious activities such as distributed denial-of-service (DDoS) attacks, sending large amount of SPAM and other nefarious purposes. Understanding the Botnet C & C channels is a critical component to precisely identify, detect, and mitigate the Botnets threats. Therefore, in this paper we provide a classification of Botnets C & C channels and evaluate well-known protocols (e.g. IRC, HTTP, and P2P) which are being used in each of them.

A Novel Approach for Rogue Access Point Detection on the Client-Side

There is a big risk for public Wi-Fi users being tricked into connecting to rogue access points. Rogue access point is one of the most serious threats in WLAN, since it exposes a large number of users to MITM and evil twin attack. In this paper we propose a practical method that warns users to avoid connecting to the rogue access points. Proposed method compares the gateways and the routes that a packet travels to determine whether an access point is legitimate or not. This method can easily detect Man-In-The-Middle and evil twin attack without any assistance from the WLAN operator.

A secure audio steganography approach

A wide range of steganography techniques has been described in this paper. Beside the evaluation of embedding parameters for the existing techniques, two problems -weaknesses- of substitution techniques are investigated which if they could be solved, the large capacity - strength- of substitution techniques would be practical. Furthermore, a novel, principled approach to resolve the problems is presented. Using the proposed genetic algorithm, message bits are embedded into multiple, vague and higher LSB layers, resulting in increased robustness.

Exploiting Voronoi diagram properties in face segmentation and feature extraction

Segmentation of human faces from still images is a research field of rapidly increasing interest. Although the field encounters several challenges, this paper seeks to present a novel face segmentation and facial feature extraction algorithm for gray intensity images (each containing a single face object). Face location and extraction must first be performed to obtain the approximate, if not exact, representation of a given face in an image. The proposed approach is based on the Voronoi diagram (VD), a well-known technique in computational geometry, which generates clusters of intensity values using information from the vertices of the external boundary of Delaunay triangulation (DT). In this way, it is possible to produce segmented image regions. A greedy search algorithm looks for a particular face candidate by focusing its action in elliptical-like regions. VD is presently employed in many fields, but researchers primarily focus on its use in skeletonization and for generating Euclidean distances; this work exploits the triangulations (i.e., Delaunay) generated by the VD for use in this field. A distance transformation is applied to segment face features. We used the BioID face database to test our algorithm. We obtained promising results: 95.14% of faces were correctly segmented; 90.2% of eyes were detected and a 98.03% detection rate was obtained for mouth and nose.

An approach to improve the robustness of substitution techniques of audio steganography

Steganography is a technique used to transmit hidden information by modifying an audio signal in an imperceptible manner. The transmission must be possible in spite of subsequent imperceptible alterations (attacks) of the modified signal. We propose a novel approach of substitution technique of audio steganography. Using genetic algorithm, message bits are embedded into multiple, vague and higher LSB layers, resulting in increased robustness. The robustness specially would be increased against those intentional attacks which try to reveal the hidden message and also some unintentional attacks like noise addition as well.

Efficient intelligent energy routing protocol in wireless sensor networks

In wireless sensor networks energy is a very important issue because these networks consist of lowpower sensor nodes. This paper proposes a new protocol to reach energy efficiency. The protocol has a different priority in energy efficiency as reducing energy consumption in nodes, prolonging lifetime of the whole network, increasing system reliability, increasing the load balance of the network, and reducing packet delays in the network. In the new protocol is proposed an intelligent routing protocol algorithm. It is based on reinforcement learning techniques. In the first step of the protocol, a new clustering method is applied to the network and the network is established using a connected graph. Then data is transmitted using the Q-value parameter of reinforcement learning technique. The simulation results show that our protocol has improvement in different parameters such as network lifetime, packet delivery, packet delay, and network balance.

Robust audio steganography via genetic algorithm

Steganography is a technique used to transmit hidden information by modifying an audio signal in an imperceptible manner. The transmission must be possible in spite of subsequent imperceptible alterations (attacks) of the modified signal. We propose a novel approach of substitution technique of audio steganography. Using genetic algorithm, message bits are embedded into multiple, vague and higher LSB layers, resulting in increased robustness. The robustness specially would be increased against those intentional attacks which try to reveal the hidden message and also some unintentional attacks like noise addition as well.

A Taxonomy of SQL Injection Detection and Prevention Techniques

While using internet for proposing online services is increasing every day, security threats in the web also increased dramatically. One of the most serious and dangerous web application vulnerabilities is SQL injection. SQL injection attack took place by inserting a portion of malicious SQL query through a non-validated input from the user into the legitimate query statement. Consequently database management system will execute these commands and it leads to SQL injection. A successful SQL injection attack interfere Confidentiality, Integrity and availability of information in the database. Based on the statistical researches this type of attack had a high impact on business. Finding the proper solution to stop or mitigate the SQL injection is necessary. To address this problem security researchers introduce different techniques to develop secure codes, prevent SQL injection attacks and detect them. In this paper we present a comprehensive review of different types of SQL injection detection and prevention techniques. We criticize strengths and weaknesses of each technique. Such a structural classification would further help other researchers to choose the right technique for the further studies.

A Novel Approach for Audio Watermarking

This paper presents a novel, principled approach to resolve the remained problems of substitution technique of audio watermarking. Using the proposed genetic algorithm, message bits are embedded into multiple, vague and higher LSB layers, resulting in increased robustness. The robustness specially would be increased against those intentional attacks which try to reveal the hidden message and also some unintentional attacks like noise addition as well.

Genetic substitution-based audio steganography for high capacity applications

A wide range of steganography techniques has been described in this paper. Beside the evaluation of embedding parameters for the existing techniques, two problems – weaknesses – of substitution techniques are investigated which if they could be solved, the large capacity – strength – of substitution techniques would be practical. Furthermore, a novel, principled approach to resolve the problems is presented. Using the proposed genetic concept, message bits are embedded into multiple, LSB layers, resulting in increased capacity.