Mariam Nouh

A malicious activity detection system utilizing predictive modeling in complex environments

Complex enterprise environments consist of globally distributed infrastructure with a variety of applications and a large number of activities occurring on a daily basis. This increases the attack surface and narrows the view of ongoing intrinsic dynamics. Thus, many malicious activities can persist under the radar of conventional detection mechanisms long enough to achieve critical mass for full-fledged cyber attacks. Many of the typical detection approaches are signature-based and thus are expected to fail in the face of zero-day attacks. In this paper, we present the building-blocks for developing a Malicious Activity Detection System (MADS). MADS employs predictive modeling techniques for the detection of malicious activities. Unlike traditional detection mechanisms, MADS includes the detection of both network-based intrusions and malicious user behaviors. The system utilizes a simulator to produce holistic replication of activities, including both benign and malicious, flowing within a given complex IT environment. We validate the performance and accuracy of the simulator through a case study of a Fortune 500 company where we compare the results of the simulated infrastructure against the physical one in terms of resource consumption (i.e., CPU utilization), the number of concurrent users, and response times. In addition to an evaluation of the detection algorithms with varying hyper-parameters and comparing the results.

CoPI: a web-based collaborative planning interface platform

In this paper we present the Collaborative Planning Interface (CoPI), a web-based multiuser collaboration interface platform for planning of complex systems. The interface provides analytical and visualization components to support decision makers. The Interface is designed using a user-centered design approach, while considering existing tools and environments in the field of decision support systems. The architecture and structure of the Interface are described as well as the flow of the user experience within the system. Finally, a case study explains the use of CoPI in collaborative policy planning for large-scale infrastructures.

Towards Cloud-Based Decision Support Platform for Group Decision Making

Nowadays, the shift towards cloud computing services is rapidly increasing. Organizations are leaning more towards adopting cloud-based services to increase their computation and processing power with reduced operational and maintenance costs. Similarly, being in the information age where huge amounts of information are generated daily from multiple interconnected systems makes it more challenging to absorb this information and make accurate informed decisions. Thus, the need for an automated well-structured approach for decision making is evident. Decision Support Systems (DSS) are interactive software-based systems that play a fundamental role as a technology enabler to provide analytical and visualization capabilities to support decision makers make accurate decisions. In this paper, we present an architecture framework for building a cloud-based distributed DSS to facilitate the decision making process for the planning and design of complex systems. The framework provides a group decision making platform to be utilized by different stakeholders. The framework offers a web portal that leverages a collection of new, open-source technologies and protocols as well as open standards. These are important for interoperable access across technologies, platforms, and mobile devices.

Towards Designing a Multipurpose Cybercrime Intelligence Framework

With the wide spread of the Internet and the increasing popularity of social networks that provide prompt and ease of communication, several criminal and radical groups have adopted it as a medium of operation. Existing literature in the area of cybercrime intelligence focuses on several research questions and adopts multiple methods using techniques such as social network analysis to address them. In this paper, we study the broad state-of-the-art research in cybercrime intelligence in order to identify existing research gaps. Our core aim is designing and developing a multipurpose framework that is able to fill these gaps using a wide range of techniques. We present an outlineof a framework designed to aid law enforcement in detecting, analysing and making sense out of cybercrime data.

Security Aspect Weaving

In this chapter, we present the design and implementation of the proposed security weaving framework. We start by providing a high-level overview that summarizes the main steps and the technologies that are followed to implement the weaving framework. Afterwards, we present the details of each weaving step. The proposed weaver is implemented as a model-to-model (M2M) transformation using the OMG standard Query/View/Transformation (QVT) language. In addition, it covers all the diagrams that are supported by our approach, i.e., class diagrams, state machine diagrams, activity diagrams, and sequence diagrams. For each diagram, we provide algorithms that implement its corresponding weaving adaptations. Moreover, we present the transformation rules that implement each aspect adaptation rule.

Model-Based Security

In this chapter, we present the background related to security at the modeling level. We start by investigating security specification approaches for UML design: (1) using UML artifacts, (2) extending UML meta-language, and (3) creating a new meta-language. Afterwards, we evaluate the usability of these approaches for security specification according to a set of defined criteria. Finally, we overview the main design mechanisms that are adopted for security hardening at the modeling level. These are security design patterns, mechanism-directed meta-languages, and aspect-oriented modeling.

Security Aspect Specification

In this chapter, we present the AOM profile proposed for the specification of security aspects on UML design models. The proposed profile covers the main UML diagrams that are used in software design, i.e., class diagrams, state machine diagrams, sequence diagrams, and activity diagrams. In addition, it covers most common AOP adaptations, i.e., adding new elements before, after, or around specific points, and removing existing elements. Moreover, we present a high-level and user-friendly pointcut language proposed to designate the locations where aspect adaptations should be injected into base models.

Static Matching and Weaving Semantics in Activity Diagrams

In this chapter, we present formal specifications for aspect matching and weaving in UML activity diagrams. We formalize both types of adaptations, i.e., add adaptations and remove adaptations. For the join point model, we consider not only executable nodes, i.e., action nodes, but also various control nodes. In addition, we derive algorithms for matching and weaving based on the semantic rules. Finally, we prove the correctness and the completeness of these algorithms with respect to the proposed semantics.

Aspect-Oriented Paradigm

In this chapter, we present an overview of the main Aspect-Oriented Programming (AOP) models. Additionally, we discuss the appropriateness of these AOP models from a security perspective. Moreover, we present the main constructs of the pointcut-advice model that is adopted in our framework. Finally, we introduce the main concepts of Aspect-Oriented Modeling (AOM).

Dynamic Matching and Weaving Semantics in \(\lambda \)-Calculus

In this chapter, we present a denotational semantics for aspect matching and weaving in lambda-calculus. The proposed semantics is based on the so-called Continuation-Passing Style (CPS) since this style of semantics provides a precise, accurate, and elegant description of aspect-oriented mechanisms. We first formalize semantics for a core language based on lambda-calculus. Afterwards, we extend the semantics by considering flow-based pointcuts, such as control flow and data flow that are important from a security perspective.