Publication


Featured research published by Hisham A. Kholidy.


IEEE Transactions on Dependable and Secure Computing | 2015

DDSGA: A Data-Driven Semi-Global Alignment Approach for Detecting Masquerade Attacks

Hisham A. Kholidy; Fabrizio Baiardi; Salim Hariri

A masquerade attacker impersonates a legal user to utilize the user's services and privileges. The semi-global alignment algorithm (SGA) is one of the most effective and efficient techniques to detect these attacks but it has not yet reached the accuracy and performance required by large scale, multiuser systems. To improve both the effectiveness and the performance of this algorithm, we propose the Data-Driven Semi-Global Alignment (DDSGA) approach. From the security effectiveness viewpoint, DDSGA improves the scoring systems by adopting distinct alignment parameters for each user. Furthermore, it tolerates small mutations in user command sequences by allowing small changes in the low-level representation of the commands' functionality. It also adapts to changes in the user behaviour by updating the signature of a user according to its current behaviour. To optimize the runtime overhead, DDSGA minimizes the alignment overhead and parallelizes the detection and the update. After describing the DDSGA phases, we present the experimental results that show that DDSGA achieves a high hit ratio of 88.4 percent with a low false positive rate of 1.7 percent. It improves the hit ratio of the enhanced SGA by about 21.9 percent and reduces Maxion-Townsend cost by 22.5 percent. Hence, DDSGA results in improving both the hit ratio and false positive rates with an acceptable computational overhead.


International Conference on Computer Engineering and Systems | 2008

An adaptive decentralized scheduling mechanism for peer-to-peer Desktop Grids

Abdulrahman Azab; Hisham A. Kholidy

P2P desktop grid has recently been an attractive computing paradigm for high throughput applications. Desktop grid computing is complicated by heterogeneous capabilities, failures, volatility, and lack of trust because it is based on desktop computers. One of the important challenges of P2P desktop grid computing is the development of scheduling mechanisms that adapt to such a dynamic computing environment. This paper proposes an adaptive decentralized scheduling mechanism in which matchmaking is performed between resource requirements of outstanding tasks and resource capabilities of available workers. The matchmaking approach is based on fuzzy logic. Experimental results show that implementing the proposed fuzzy matchmaking based scheduling mechanism maximized the resource utilization of executing workers without exceeding the maximum execution time of the task.


International Conference on Information Technology: New Generations | 2012

CIDD: A Cloud Intrusion Detection Dataset for Cloud Computing and Masquerade Attacks

Hisham A. Kholidy; Fabrizio Baiardi

Masquerade attacks pose a serious threat for cloud systems due to the massive amount of resources of these systems. Lack of datasets for cloud computing hinders the building of efficient intrusion detection of these attacks. Current datasets cannot be used due to the heterogeneity of user requirements, the distinct operating systems installed in the VMs, and the data size of Cloud systems. This paper presents a Cloud Intrusion Detection Dataset (CIDD) that is the first one for cloud systems and that consists of both knowledge and behavior based audit data collected from both UNIX and Windows users. With respect to current datasets, CIDD has real instances of host and network based attacks and masquerades, and provides complete diverse audit parameters to build efficient detection techniques. The final statistic tables for each user are built by the Log Analyzer and Correlator System (LACS) that parses and analyzes users' binary log files, and correlates audit data according to user IP address(es) and audit time. We describe in detail the components and the architecture of LACS and CIDD, and the attack distribution in CIDD.


The Internet of Things | 2015

QoS Optimization for Cloud Service Composition Based on Economic Model

Hisham A. Kholidy; Hala Hassan; Amany M. Sarhan; Abdelkarim Erradi; Sherif Abdelwahed

Cloud service composition is usually long term based and economically driven. Services in cloud computing can be categorized into two groups: Application Services and Computing Services. Compositions in the application level are similar to the Web service compositions in Service-Oriented Computing. Compositions in the computing level are similar to the task matching and scheduling in grid computing. We consider cloud service composition from the end users' perspective. We propose a Genetic Algorithm-based approach to model the cloud service composition problem. A comparison is given between the proposed composition approach and other existing algorithms such as Integer Linear Programming. The experiment results proved the efficiency of the proposed approach.


Computational Intelligence, Communication Systems and Networks | 2013

HA-CIDS: A Hierarchical and Autonomous IDS for Cloud Systems

Hisham A. Kholidy; Abdelkarim Erradi; Sherif Abdelwahed; Fabrizio Baiardi

Cloud computing is an attractive model that provides the delivery of on-demand computing resources over the Internet and on a pay-for-use basis. However, while intruders may exploit clouds for their advantage, most IDS solutions are not suitable for cloud environments. This paper presents a hierarchical and autonomous cloud based intrusion detection system, HA-CIDS. The framework continuously monitors and analyzes system events and computes the security and risk parameters. An autonomous controller receives security parameters computed by the framework and selects the most appropriate response to protect the cloud against detected attacks, as well as recover any corrupted data or affected services. Besides autonomous response to detected attacks, HA-CIDS has several autonomous capabilities to provide self-resilience and fault tolerance. We developed a testbed to evaluate the performance and accuracy of the framework. The architecture, design, and deployment of HA-CIDS are given in this paper.


IEEE International Conference on Dependable, Autonomic and Secure Computing | 2014

A Finite State Hidden Markov Model for Predicting Multistage Attacks in Cloud Systems

Hisham A. Kholidy; Abdelkarim Erradi; Sherif Abdelwahed; Abdulrahman Azab

Cloud computing significantly increased the security threats because intruders can exploit the large amount of cloud resources for their attacks. However, most of the current security technologies do not provide early warnings about such attacks. This paper presents a Finite State Hidden Markov prediction model that uses an adaptive risk approach to predict multi-staged cloud attacks. The risk model measures the potential impact of a threat on assets given its occurrence probability. The attack prediction model was integrated with our autonomous cloud intrusion detection framework (ACIDF) to raise early warnings about attacks to the controller so it can take proactive corrective actions before the attacks pose a serious security risk to the system. According to our experiments on the DARPA 2000 dataset, the proposed prediction model has successfully fired the early warning alerts 39.6 minutes before the launching of the LLDDoS1.0 attack. This gives the auto response controller ample time to take preventive measures.


Intelligent Systems Design and Applications | 2010

A study for access control flow analysis with a proposed job analyzer component based on stack inspection methodology

Hisham A. Kholidy

Security problems that arise in software systems are very challenging. Using program analysis techniques and some language based security rules can help in enforcing application-level security through controlling access to program resources and verification of control flow of the information inside the program based on some security properties. This paper presents a new job analyzer component for an intrusion detection system which works inside our developed computational grid system called “HIMAN” to analyze the access required by a certain submitted task to the grid resources. This paper consists of three parts. The first part is a survey of the previous work on access control, information flow security analyses, and the stack inspection methodology. The second part is a representation of a static analysis study for enhancing the stack inspection methodology in order to optimize the program complexity. Finally, the third part explains how to use the access control flow analysis based on the enhanced stack inspection methodology described in this paper to develop the new job analyzer component.


International Conference on Artificial Intelligence | 2014

Attack Prediction Models for Cloud Intrusion Detection Systems

Hisham A. Kholidy; Abdelkarim Erradi; Sherif Abdelwahed

In spite of the functional and economic benefits of the cloud-computing systems, they also expose entirely several attacks. Most of the current cloud security technologies do not provide early warnings about such attacks. The early warnings give the cloud administrator or the auto response controller ample time to take preventive measures. This paper discusses our three prediction models that are integrated into our Autonomic Cloud Intrusion Detection Framework (ACIDF), namely the Finite State Hidden Markov prediction model (FSHMPM), the Finite Context Prediction Model (FCPM) that uses a Variable Order Markov Model (VMM) with a Probabilistic Suffix Tree (PST), and the HoltWinter Prediction Model (HWPM). We compare these models and highlight the pros and cons of each one. The prediction models were evaluated against the DARPA 2000 dataset. The FSHMPM has successfully fired the early warnings 39.6 minutes before the launching of the LLDDoS1.0 attack. The FCPM has successfully fired the early warnings 58.98 minutes before the launching of the same attack. The HWPM has an error rate of 42.07% for HTTP flow forecast and 44.02% for FTP one.


European Modelling Symposium | 2014

A Finite Context Intrusion Prediction Model for Cloud Systems with a Probabilistic Suffix Tree

Hisham A. Kholidy; Ahmed M. Yousof; Abdelkarim Erradi; Sherif Abdelwahed; Hisham A. Ali

The success of the cloud computing paradigm depends on how effectively the cloud infrastructures will be able to instantiate and dynamically maintain computing platforms that meet Quality of Service (QoS) requirements. Most of the current security technologies do not provide early warnings about future ongoing attacks. This paper introduces new techniques in a prediction model that is built based on a Variable Order Markov Model and a Probabilistic Suffix Tree. The proposed model uses a risk assessment model to evaluate the overall risk in the cloud system. According to our experiments on the DARPA 2000 dataset, the prediction model has successfully signaled early warning alerts 58.983 minutes before the launching of the LLDDoS1.0 attack and 43.93 minutes before the launching of the LLDDoS2.0. This gives the system administrator or an autonomic system ample time to take corrective action.


Intelligent Systems Design and Applications | 2010

Towards developing an Arabic word alignment annotation tool with some Arabic alignment guidelines

Hisham A. Kholidy; Niladri Chatterjee

Word Alignment is an important supporting task for different NLP applications like training of machine translation systems, translation lexicon induction, word sense discovery, word sense disambiguation, information extraction and the cross-lingual projection of linguistic information. In this paper we study the main rules and guidelines required to build an aligner tool for the Arabic language which should help in correcting most alignment errors. These errors are identified by considering the outputs of some already existing aligner annotation tools.

Collaboration


Top Co-Authors

Sherif Abdelwahed

Mississippi State University

Ioana Banicescu

Mississippi State University
