Mansour Alsaleh

Revisiting Defenses against Large-Scale Online Password Guessing Attacks

Brute force and dictionary attacks on password-only remote login services are now widespread and ever increasing. Enabling convenient login for legitimate users while preventing such attacks is a difficult problem. Automated Turing Tests (ATTs) continue to be an effective, easy-to-deploy approach to identify automated malicious login attempts with reasonable cost of inconvenience to users. In this paper, we discuss the inadequacy of existing and proposed login protocols designed to address large-scale online dictionary attacks (e.g., from a botnet of hundreds of thousands of nodes). We propose a new Password Guessing Resistant Protocol (PGRP), derived upon revisiting prior proposals designed to restrict such attacks. While PGRP limits the total number of login attempts from unknown remote hosts to as low as a single attempt per username, legitimate users in most cases (e.g., when attempts are made from known, frequently-used machines) can make several failed login attempts before being challenged with an ATT. We analyze the performance of PGRP with two real-world data sets and find it more promising than existing proposals.

Ultra Wideband Indoor Positioning Technologies: Analysis and Recent Advances

In recent years, indoor positioning has emerged as a critical function in many end-user applications; including military, civilian, disaster relief and peacekeeping missions. In comparison with outdoor environments, sensing location information in indoor environments requires a higher precision and is a more challenging task in part because various objects reflect and disperse signals. Ultra WideBand (UWB) is an emerging technology in the field of indoor positioning that has shown better performance compared to others. In order to set the stage for this work, we provide a survey of the state-of-the-art technologies in indoor positioning, followed by a detailed comparative analysis of UWB positioning technologies. We also provide an analysis of strengths, weaknesses, opportunities, and threats (SWOT) to analyze the present state of UWB positioning technologies. While SWOT is not a quantitative approach, it helps in assessing the real status and in revealing the potential of UWB positioning to effectively address the indoor positioning problem. Unlike previous studies, this paper presents new taxonomies, reviews some major recent advances, and argues for further exploration by the research community of this challenging problem space.

Comparative Survey of Indoor Positioning Technologies, Techniques, and Algorithms

The user location information represents a core dimension as understanding user context is a prerequisite for providing human-centered services that generally improve quality of life. In comparison with outdoor environments, sensing location information in indoor environments requires a higher precision and is a more challenging task due in part to the expected various objects (such as walls and people) that reflect and disperse signals. In this paper, we survey the related work in the field of indoor positioning by providing a comparative analysis of the state-of-the-art technologies, techniques, and algorithms. Unlike previous studies and surveys, our survey present new taxonomies, review some major recent advances, and argue on the area open problems and future potential. We believe this paper would spur further exploration by the research community of this challenging problem space.

Network scan detection with LQS: a lightweight, quick and stateful algorithm

Network scanning reveals valuable information of accessible hosts over the Internet and their offered network services, which allows significant narrowing of potential targets to attack. Addressing and balancing a set of sometimes competing desirable properties is required to make network scanning detection more appealing in practice: 1) fast detection of scanning activity to enable prompt response by intrusion detection and prevention systems; 2) acceptable rate of false alarms, keeping in mind that false alarms may lead to legitimate traffic being penalized; 3) high detection rate with the ability to detect stealthy scanners; 4) efficient use of monitoring system resources; and 5) immunity to evasion. In this paper, we present a scanning detection algorithm designed to accommodate all of these goals. LQS is a fast, accurate, and light-weight scan detection algorithm that leverages the key properties of the monitored network environment as variables that affect how the scanning detection algorithm operates. We also present what is, to our knowledge, the first automated way to estimate a reference baseline in the absence of ground truth, for use as an evaluation methodology for scan detection. Using network traces from two sites, we evaluate LQS and compare its scan detection results with those obtained by the state-of-the-art TRW algorithm. Our empirical analysis shows significant improvements over TRW in all of these properties.

Web Spam: A Study of the Page Language Effect on the Spam Detection Features

Although search engines have deployed various techniques to detect and filter out Web spam, Web stammers continue to develop new tactics to influence the result of search engines ranking algorithms, for the purpose of obtaining an undeservedly high ranks. In this paper, we study the effect of the page language on the spam detection features. We examine how the distribution of a set of selected detection features changes according to the page language. Also, we study the effect of the page language on the detection rate of a given classifier using a selected set of detection features. The analysis results show that selecting suitable features for a classifier that segregates spam pages depends heavily on the language of the examined Web page, due in part to the different set of Web spam mechanisms used by each type of stammers.

Improving Security Visualization with Exposure Map Filtering

Graphical analysis of network traffic flows helps security analysts detect patterns or behaviors that would not be obvious in a text-based environment. The growing volume of network data generated and captured makes it increasingly difficult to detect increasingly sophisticated reconnaissance and stealthy network attacks. We propose a network flow filtering mechanism that leverages the exposure maps technique of Whyte et al. (2007), reducing the traffic for the visualization process according to the network services being offered. This allows focus to be limited to selected subsets of the network traffic, for example what might be categorized (correctly or otherwise) as the unexpected or potentially malicious portion. In particular, we use this technique to filter out traffic from sources that have not gained knowledge from the network in question. We evaluate the benefits of our technique on different visualizations of network flows. Our analysis shows a significant decrease in the volume of network traffic that is to be visualized, resulting in visible patterns and insights not previously apparent.

Smartphone users: Understanding how security mechanisms are perceived and new persuasive methods

Protecting smartphones against security threats is a multidimensional problem involving human and technological factors. This study investigates how smartphone users’ security- and privacy-related decisions are influenced by their attitudes, perceptions, and understanding of various security threats. In this work, we seek to provide quantified insights into smartphone users’ behavior toward multiple key security features including locking mechanisms, application repositories, mobile instant messaging, and smartphone location services. To the best of our knowledge, this is the first study that reveals often unforeseen correlations and dependencies between various privacy- and security-related behaviors. Our work also provides evidence that making correct security decisions might not necessarily correlate with individuals’ awareness of the consequences of security threats. By comparing participants’ behavior and their motives for adopting or ignoring certain security practices, we suggest implementing additional persuasive approaches that focus on addressing social and technological aspects of the problem. On the basis of our findings and the results presented in the literature, we identify the factors that might influence smartphone users’ security behaviors. We then use our understanding of what might drive and influence significant behavioral changes to propose several platform design modifications that we believe could improve the security levels of smartphones.

Social Authentication Applications, Attacks, Defense Strategies and Future Research Directions: A Systematic Review

The ever-increasing volumes of social knowledge shared in online social networks, the establishment of trustworthy social relationships over these platforms, and the emergence of technologies that allow friendship networks to be inferred from data exchanged in communication networks have motivated researchers to build socially aware authentication schemes. We conduct the first study that surveys the literature related to social authentication. In this paper, we not only created a taxonomy for classifying all social authentication schemes deployed in online or physical social contexts and extensively analyzed their authentication features, but also built a novel framework for evaluating the effectiveness of all social authentication schemes, identified all the practical and theoretical attacks that may be mounted against such schemes, addressed possible defense strategies, and identified challenges, open questions, and future research opportunities. To measure their accuracy, strengths, weaknesses, and limitations, as well as to identify the potential of knowledge-based and trust-based social authentication schemes, a comprehensive comparative assessment of the security, usability, and deployability was conducted. We hope, by providing a solid foundation for gaining sufficient understanding of the manners in which users’ social interactions have been utilized in user authentication schemes and their corresponding security implications, we will guide future research in this domain.

Combating Comment Spam with Machine Learning Approaches

The feature of posting comments enables websites visitors (e.g., Youtube and Amazon) to interact and contribute to the posted content by adding comments. The fact that such comments are becoming part of the website content so that many visitors read them and that such comments are usually unvetted make them attractive to spammers for the purposes of advertising, spreading malware, phishing attacks, or spreading political or religious views. Due to large volume of comment spam, using manual filtration and vetting is unpractical and hence automatic spam detection techniques play a de-facto role in fighting spam content. In this paper, we propose and develop a comment spam detection mechanism that can be deployed as a browser plugin for inspecting the Document Object Model (DOM) of the web page in question and remove comments with spam content. We examine most detection features in the literature along with proposing new features to build a comment spam classifier. In order to test the accuracy of our classifier, we manually label a new corpus of blogs comments. We encourage other researchers to build upon our work and we hope that our corpus will benefit the research community in this area.

Visualizing PHPIDS log files for better understanding of web server attacks

The prevalence and severity of application-layer vulnerabilities increase dramatically their corresponding attacks. In this paper, we present an extension to PHPIDS, an open source intrusion detection and prevention system for PHP-based web applications, to visualize its security log. The proposed extension analyzes PHPIDS logs, correlates these logs with the corresponding web server logs, and plots the security-related events. We use a set of tightly coupled visual representations of HTTP server requests containing known and suspicious malicious content, to provide system administrators and security analysts with fine-grained visual-based querying capabilities. We present multiple case studies to demonstrate the ability of our PHPIDS visualization extension to support security analysts with analytic reasoning and decision making in response to ongoing web server attacks. Experimenting the proposed PHPIDS visualization extension on real-world datasets shows promise for providing complementary information for effective situational awareness.