Mohd Faizal Abdollah

Analysis of Features Selection and Machine Learning Classifier in Android Malware Detection

The proliferation of Android-based mobile devices and mobile applications in the market has triggered the malware author to make the mobile devices as the next profitable target. With user are now able to use mobile devices for various purposes such as web browsing, ubiquitous services, online banking, social networking, MMS and etc, more credential information is expose to exploitation. Applying a similar security solution that work in Desktop environment to mobile devices may not be proper as mobile devices have a limited storage, memory, CPU and power consumption. Hence, there is a need to develop a mobile malware detection that can provide an effective solution to defence the mobile user from any malicious threat and at the same time address the limitation of mobile devices environment. Prior to this matter, this research focused on evaluating the best features selection to be used in the best machine-learning classifiers. To find the best combination of both features selection and classifier, five sets of different feature selection are applies to five different machine learning classifiers. The classifier outcome is evaluated using the True Positive Rate (TPR), False Positive Rate (FPR), and Accuracy. The best combination of both features selection and classifier can be used to reduce features selection and at the same time able to classify the infected android application accurately.

Traceability in digital forensic investigation process

Digital forensic is part of forensic science that implicitly covers crime that is related to computer technology. In a cyber crime, digital evidence investigation requires a special procedures and techniques in order to be used and be accepted in court of law. Generally, the goals of these special processes are to identify the origin of the incident reported as well as maintaining the chain of custody so that the legal process can take its option. Subsequently, the traceability process has become a key or an important element of the digital investigation process, as it is capable to map the events of an incident from difference sources in obtaining evidence of an incident to be used for other auxiliary investigation aspects. Hence, this paper introduces a trace map model to illustrate the relationship in the digital forensic investigation process by adapting and integrating the traceability features. The objective of this integration is to provide the capability of trace and map the evidence to the sources and shows the link between the evidence, the entities and the sources involved in the process, particularly in the collection phase of digital forensic investigation framework. Additionally, the proposed model is expected to help the forensic investigator in obtaining accurate and complete evidence that can be further used in a court of law.

Electrocardiogram (ECG) signals as biometrics in securing Wireless Body Area Network

A recent trend in the field of biometrics is ECG-based, where electrocardiogram (ECG) signals are used as input to the biometric system. Previous work has shown that ECG has a good potential, which can be used alone as a biometric parameter or in combination with some other parameters for greater accuracy, due to its main key properties. This paper presents a study on the applicability of ECG signals in securing Wireless Body Area Network (WBAN) communications. We study the permanence and the distinctiveness properties of ECG signals on 10 random patients. The Independent Component Analysis (ICA) and Fast Fourier Transform (FFT) are applied on the ECG signals obtained from MIT-BIH Normal Synus Rhythm (nsrdb) public database. The experimental results are presented, which exhibit that ECG signal can be utilized properly to achieve better security performance under the stringent constraints of WBAN sensors. Thus, it is believed that the system can naturally secure the information transmission within WBAN, where other techniques use hardware and software to achieve the same purpose.

Enhanced Alert Correlation Framework for Heterogeneous Log

Management of intrusion alarms particularly in identifying malware attack is becoming more demanding due to large amount of alert produced by low-level detectors. Alert correlation can provide high-level view of intrusion alerts but incapable of handling large amount of alarm. This paper proposes an enhanced Alert Correlation Framework for sensors and heterogeneous log. It can reduce the large amount of false alarm and identify the perspective of the attack. This framework is mainly focusing on the alert correlation module which consists of Alarm Thread Reconstruction, Log Thread Reconstruction, Attack Session Reconstruction, Alarm Merging and Attack Pattern Identification module. It is evaluated using metric for effectiveness that shows high correlation rate, reduction rate, identification rate and low misclassification rate. Meanwhile in statistical validation it has highly significance result with p < 0.05. This enhanced Alert Correlation Framework can be extended into research areas in alert correlation and computer forensic investigation.

Profiling mobile malware behaviour through hybrid malware analysis approach

Nowadays, the usage of mobile device among the community worldwide has been tremendously increased. With this proliferation of mobile devices, more users are able to access the internet for variety of online application and services. As the use of mobile devices and applications grows, the rate of vulnerabilities exploitation and sophistication of attack towards the mobile user are increasing as well. To date, Googles Android Operating System (OS) are among the widely used OS for the mobile devices, the openness design and ease of use have made them popular among developer and user. Despite the advantages the android-based mobile devices have, it also invited the malware author to exploit the mobile application on the market. Prior to this matter, this research focused on investigating the behaviour of mobile malware through hybrid approach. The hybrid approach correlates and reconstructs the result from the static and dynamic malware analysis in producing a trace of malicious event. Based on the finding, this research proposed a general mobile malware behaviour model that can contribute in identifying the key features in detecting mobile malware on an Android Platform device.

Preliminary study of host and network-based analysis on P2P Botnet detection

Botnet is a network of compromised computer that running malicious software remotely controlled by an attacker known as Botmaster. The threat of Botnet threaten is widely dangerous and it is crucially to overcome this crisis. Some new bots use P2P protocols to construct command and control system are known as peer-to-peer (P2P) Botnet. More severe when P2P Botnet incorporated the centralized and distributed communication which make it more robust and complicated for detection. Hence, the analysis is necessary to be conducted especially in the combination of host-based and network-based in order to detect bots accurately. This paper provides the details analysis on host-based analysis and network-based analysis to detect P2P bots that will reveal their unique characteristic and behaviors. The result of experimental testbed on datasets show that it is possible to detect effectively P2P Botnet in standalone host and network packets payload. Thus, this analysis can be used for early warning of P2P Botnet activities in the host-and network-level as prevention mechanism.

A novel approach on teaching network security for ICT courses

This paper discusses a curriculum approach that will give emphasis on practical sessions of teaching network security subjects in information and communication technology courses. As we are well aware, the need to use a practice and application oriented approach in education is paramount [1]. Research on active learning and cooperative groups showed that students grasps and have more tendency towards obtaining and realizing soft skills like leadership, communication and team work as opposed to learning using the traditional theory and exam based method. While this teaching and learning paradigm is relatively new in Malaysia, it has been practiced widely in the West. This paper examines a particular approach whereby students learning wireless security are divided into small manageable groups consisting of black hat and white hat team. The former will try to find and expose vulnerabilities in a wireless network while the latter will try to prevent such attacks on their wireless networks using hardware, software, design and enforcement of security policy and etc. This paper will try to demonstrate whether this approach will result in a more fruitful outcome in terms of students concept and theory understandings and motivation to learn.

Preliminary Findings: Revising Developer Guideline Using Word Frequency for Identifying Apps Miscategorization

Number of application in Google Play Store is increasing at a rapid rate. It is currently holding more than 3 million apps. With a large number of application files and information, locating the right apps into the right category can be quite challenging. We observed more than one thousand apps to prove that there are miscategorizations of apps in Android official marketplace. We revise the subject inside the guideline provided by developer console and kept the sub-category remain. In order to have more specific subjects for each sub-category, we revise the standard guideline by their description using word frequency. Top five ranked in terms of weighting without duplication from existing guideline was chosen as new subject in particular sub-categories. Furthermore, we remove redundant subject across sub-category. Finally, we calculate the miscategorization apps based on new guideline. The result shows that “Lifestyle” sub-category contributes to large number of misplaced apps. The result shows only 61% apps are correctly inserted into their category for all 1105 collected data. Having fine category will be a feeder to the further research related to malware detection.

SDN in the home: A survey of home network solutions using Software Defined Networking

Abstract Software Defined Networking (SDN) is an important paradigm shift of computer networking in the last 10 years. The concept of SDN is so powerful that the potential of applying it can easily be perceived beyond the initial use case of large data centre networks. We are motivated by this perception to explore the potential use of SDN in the context of home networks specifically, even though home environments were not the driving scenario behind SDN in the first years of its development. Lacking other reviews on the subject, we performed a focused search for every article that proposes, discusses or otherwise addresses the idea of implementing SDN in home networking. We surveyed four major technical and online databases (IEEE Xplore, ACM, ScienceDirect and Wiley) to ensure the inclusion of relevant, quality and authentic works. The final filtered set included 42 articles that spanned the period from 2010 to 2017. Most of the articles address specific aspects of controlling and managing home networks, such as Quality of Experience, security, Internet caps, Internet-of-Things device management and other specific themes, while the rest of articles address the generic case of managing home networks using SDN without a special focus on a particular target application. We derive a simple taxonomy for the works on home SDN and summarize the complete set of works, highlighting few points along the way and drawing few simple statistics.

The Rise of Ransomware

Ransomware continues to be one of the most crucial cyber threats and is actively threatening IT users around the world. In recent years, it has become a phenomenon and traumatic threat to individuals, governments and organizations. Ransomwares not only penalized computational operations, it also mercilessly extorts huge amount of money from the victims if the victims want to regain back access to the system and files. As such, the cybercriminals are making millions of profits and keep on spreading new variants of ransomware. This paper discusses about ransomware and some related works in fighting this threat.