Habibah Hashim

An efficient false alarm reduction approach in HTTP-based botnet detection

In recent years, bots and botnets have become one of the most dangerous infrastructure to carry out nearly every type of cyber-attack. Their dynamic and flexible nature along with sophisticated mechanisms makes them difficult to detect. One of the latest generations of botnet, called HTTP-based, uses the standard HTTP protocol to impersonate normal web traffic and bypass the current network security systems (e.g. firewalls). Besides, HTTP protocol is commonly used by normal applications and services on the Internet, thus detection of the HTTP botnets with a low rate of false alarms (e.g. false negative and false positive) has become a notable challenge. In this paper, we review the current studies on HTTP-based botnet detection in addition to their shortcomings. We also propose a detection approach to improve the HTTP-based botnet detection regarding the rate of false alarms and the detection of HTTP bots with random patterns. The testing result shows that the proposed method is able to reduce the false alarm rates in HTTP-based botnet detection successfully.

A lightweight and secure TFTP protocol for smart environment

“Internet of Things” (IOT) has become the everyday buzz words in recent years. As part and parcel of the Smart environment where human beings and things interact intelligently, trust and mobility becomes the basic prerequisites. However, to unify trust and mobility, a security protocol must be used for information exchanges among human and things; as well as between things and things (such as between Wi-Fi Client and Wi-Fi AP). In this paper, we present an enhancement of a security protocol for bulk data transfer amongst embedded devices (similar to the practices in IOT). We also proposed a security framework for enhancing security, trust and privacy (STP) for embedded system infrastructure. We suggested the use of lightweight symmetric encryption (for data) and asymmetric encryption (for key exchange) protocols in Trivial File Transfer Protocol (TFTP). The target implementation of TFTP is for embedded devices such as Wi-Fi Access Points (AP) and remote Base Stations (BS). We have chosen Das U-Boot (Universal Boot loader) as the horizontal security platform for this new security implementation which is suitable for Smart Environment.

Implementation of Quality of Service (QoS) in Multi Protocol Label Switching (MPLS) networks

The recent evolution of IP networks are seeing IP applications becoming more complex and requiring higher bandwidth consumption. More recently, IP networks are employing Multi Protocol Label Switching (MPLS) which offers better switching and enables Virtual Private Network (VPN). However, the service quality is becoming a major issue in MPLS networks due to having to accommodate the higher bandwidth consumption by certain applications such as voice over IP (VoIP), client-server and peer-to-peer applications, java applications and customized applications. This paper will focus on the implementation of Quality of Service (QoS) in MPLS networks using the java network simulation tool called J-SIM. There are many types quality of service can be offered in MPLS network and one of them is Differentiated Services or Diffserv which is being used in this work. This paper presents the QoS benefits of Diff-Serv aware MPLS networks when simulating the network using J-Sim. Outputs such as throughput and packet drops will be discussed in this paper also.

A review on pairing based cryptography in Wireless Sensor Networks

This paper, presents a detailed review of the works on pairing algorithm and its application in Identity-Based Encryption (IBE) scheme for Wireless Sensor Networks (WSNs). WSNs device is a device that resource constrained, limited memory storage and open to a third party attack. This issue has been widely recognized and much research has been in this area, improving the hardware and the software. The main focus of many scholars was on the pairing algorithm which applied with Identity Based Scheme. By investigating works on pairing, studies found that, Ate pairing is currently the fastest pairing algorithm available. This research is hope to enhance current understanding on the 32-bit platform on the future work.

Periodicity classification of HTTP traffic to detect HTTP Botnets

Recently, the HTTP based Botnet threat has become a serious challenge for security experts as Bots can be distributed quickly and stealthily. With the HTTP protocol, Bots hide their communication flows within the normal HTTP flows making them more stealthy and difficult to detect. Furthermore, since the HTTP service is being widely used by the Internet applications, it is not easy to block this service as a precautionary measure and other techniques are required to detect and deter the Bot menace. The HTTP Bots periodically connect to particular web pages or URLs to get commands and updates from the Botmaster. In fact, this identifiable periodic connection pattern has been used in several studies as a feature to detect HTTP Botnets. In this paper, we review the current studies on detection of periodic communications in HTTP Botnets as well as the shortcomings of these methods. Consequently, we propose three metrics to be used in identifying the types of communication patterns according to their periodicity. Test results show that in addition to detecting HTTP Botnet communication patterns with 80% accuracy, the proposed method is able to efficiently classify communication patterns into several periodicity categories.

Privacy preservation in Location-Based Services (LBS) through Trusted Computing technology

Location privacy in Location Based Services (LBS) is the ability to protect the association between users identity, query sources, servers and database, thereby preventing an imminent attacker from easily linking users of LBS to certain locations. This paper studies recent schemes designed to offer location privacy and anonymity to LBS users. The main idea is to solve current practical problem by proposing a new framework of LBS Middleware called Trusted Anonymizer (TA) secured by Trusted Computing (TC) technologies. Firstly, we propose an architecture of Clustered Trusted Anonymizer (CTA) to mitigate bottlenecks as well as preventing TA from becoming a single point of failure. Secondly, we focus on a concrete efficient Direct Anonymous Attestation (DAA) scheme with the main functionalities adopted by TCG-compliant platforms in attestation environments. Each party involved in the LBS chain will be equipped with security platforms namely Trusted Platform Module (TPMs) and Mobile Trusted Module (MTMs). Hence, links and services form a trusted infrastructure for mobile and wireless networks.

A data collection approach for Mobile Botnet analysis and detection

Recently, MoBots or Mobile Botnets have become one of the most critical challenges in mobile communication and cyber security. The integration of Mobile devices with the Internet along with enhanced features and capabilities has made them an environment of interest for cyber criminals. Therefore, the spread of sophisticated malware such as Botnets has significantly increased in mobile devices and networks. On the other hand, the Bots and Botnets are newly migrated to mobile devices and have not been fully explored yet. Thus, the efficiency of current security solutions is highly limited due to the lack of available Mobile Botnet datasets and samples. As a result providing a valid dataset to analyse and understand the Mobile botnets has become a crucial issue in mobile security and privacy. In this paper we present an overview of the current available data set and samples and we discuss their advantages and disadvantages. We also propose a model to implement a mobile Botnet test bed to collect data for further analysis.

Trusted Real Time Operating System: Identifying its characteristics

Real Time Operating System (RTOS) had emerged in the market for the past few decades to provide solutions over various platforms that range from embedded devices to more sophisticated electronic system such nuclear plant and spacecraft. The evolution of the design of operating systems continues to endure the need of diverse applications that run on various platforms. Recently, there was a new element introduced to provide trust enhancement on the platform using Trusted Computing. In this paper, we discussed Trusted Computing and STP framework in providing the mechanism to check whether hardware, software or application running on the platform behaves as expected without need for further verification. We further discussed different architectures of RTOS and introduced the concept of Trusted Real Time Operating System (TRTOS). The term “behave as expected” needs characterization in operating system behaviours so that we can identify any new properties to be added as TRTOS characteristics during design and implementation. This paper identifies a few of these characteristics and further extends the concept of trust in the realization of RTOS.

Finest authorizing member of common criteria certification

Globalization had changed the world landscape into borderless world without limits to sea, land and air space. The development of IT products and services need evaluation and certification. This paper discusses some security and trust issues in Common Criteria in evaluation and certification of IT products and services. Our intention is to help manufacturer in choosing a finest authorizing member of CC certification for IT products and services in varying situations amongst countries participating in the CC certification, be it friendly, neutral or war. The consequence is to help reduce cost to trade these IT products and related services in global market. The ultimate impact is to enable us do more business and market our products in other countries if we have wider acceptability of the CC certification.

Forming Virtualized Secure Framework for Location Based Services (LBS) using Direct Anonymous Attestation (DAA) protocol

The tremendous growth in mobile and wireless communications comes with more pervasive applications. Current mobile device platform does not allow a local or remote user to attest the target platform. The limitation of using existing software-based protection alone can be easily affected by malicious codes and it cannot assure its own integrity. In this paper, we explore a new approach of anonymity issues in Privacy Enhancing Technologies (PETs) which will result in the privacy enhancement of user personal data and location information in mobile network services. We create the foundation for running trusted applications, network and services on top of existing Mobile Location Protocol (MLP). We also propose a Virtualized Secure Framework between mobile devices (clients) and Location Based Services (LBS) Server in Virtual Machine (VM) environment based on Direct Anonymous Attestation protocol. Trusted Platform Module (TPM) acts as the foundation for mobile security mechanisms and privacy of users information. Virtualization is needed to improve the utilization of existing computing resources and to reduce hardware. Every single device found in a physical machine will be virtualized in the VMs. DAA protocol is proposed to anonymously verify the authority of users and preserve privacy of users private location information.