Qussai Yaseen

Knowledge Acquisition and Insider Threat Prediction in Relational Database Systems

This paper investigates the problem of knowledge acquisition by an unauthorized insider using dependencies between objects in relational databases. It defines various types of knowledge. In addition, it introduces the Neural Dependency and Inference Graph (NDIG), which shows dependencies among objects and the amount of knowledge that can be inferred about them using dependency relationships. Moreover, it introduces an algorithm to determine the knowledgebase of an insider and explains how insiders can broaden their knowledge about various relational database objects to which they lack appropriate access privileges. In addition, it demonstrates how NDIGs and knowledge graphs help in assessment of insider threats and what security officers can do to avoid such threats.

Predicting and preventing insider threat in relational database systems

This paper investigates the problem of insider threat in relational database systems. It defines various types of dependencies as well as constraints on dependencies that may be used by insiders to infer unauthorized information. Furthermore, it introduces the Constraint and Dependency Graph (CDG), and the Dependency Matrix that are used to represent dependencies and constraints on them. Furthermore, it presents an algorithm for constructing insiders knowledge graph, which shows the knowledgebase of insiders. In addition, the paper introduces the Threat Prediction Graph (TPG) to predict and prevent insider threat.

Malicious Modification Attacks by Insiders in Relational Databases: Prediction and Prevention

This paper investigates the problem of malicious modifications by insiders in relational databases. It presents an algorithm that shows how to construct insiders’ Modification Graphs, which demonstrate the authorized and unauthorized data items in which insiders can make changes. Two methods are provided to prevent modification attacks. The first method prevents attacks by hiding dependencies between data items. The second method prevents attacks by denying write access to some data items. We present the cut algorithm that determines which dependencies should be hidden to prevent modification attacks on sensitive data items. In addition, we use modification graphs to determine which write accesses should be denied in order to prevent such attacks.

Organizing Access Privileges: Maximizing the Availability and Mitigating the Threat of Insiders' Knowledgebase

This paper demonstrates how to mitigate insider threat in relational databases. Basically, it shows how the execution of the same operations in different orders poses different levels of threat. The model presented in this paper organizes accesses to data items in some sequence so that the expected threat is minimized to the lowest level. In addition, it increases the availability of data items. That is, instead of preventing insiders from getting access to some data items because of possible threat, the proposed approach reorganizes insiders’ independent requests so that they can access those data when it is determined that there is little or no threat .

Cloud support for large scale e-healthcare systems

Rapid development of wearable devices and mobile cloud computing technologies has led to new opportunities for large scale e-healthcare systems. In these systems, individuals’ health information are remotely detected using wearable sensors and forwarded through wireless devices to a dedicated computing system for processing and evaluation where a set of specialists namely, hospitals, healthcare agencies and physicians will take care of such health information. Real-time or semi-real time health information are used for online monitoring of patients at home. This in fact enables the doctors and specialists to provide immediate medical treatments. Large scale e-healthcare systems aim at extending the monitoring coverage from individuals to include a crowd of people who live in communities, cities, or even up to a whole country. In this paper, we propose a large scale e-healthcare monitoring system that targets a crowd of individuals in a wide geographical area. The system is efficiently integrating many emerging technologies such as mobile computing, edge computing, wearable sensors, cloud computing, big data techniques, and decision support systems. It can offer remote monitoring of patients anytime and anywhere in a timely manner. The system also features some unique functions that are of great importance for patients’ health as well as for societies, cities, and countries. These unique features are characterized by taking long-term, proactive, and intelligent decisions for expected risks that might arise by detecting abnormal health patterns shown after analyzing huge amounts of patients’ data. Furthermore, it is using a set of supportive information to enhance the decision support system outcome. A rigorous set of evaluation experiments are conducted and presented to validate the efficiency of the proposed model. The obtained results show that the proposed model is scalable by handling a large number of monitored individuals with minimal overhead. Moreover, exploiting the cloud-based system reduces both the resources consumption and the delay overhead for each individual patient.

PEP-side caching: An insider threat port

PEP-side caching is used in request-response access control mechanisms to increase the availability and reduce the processing overhead on PDP. Nonetheless, this paper shows that using this approach may open an insider threat port that can be used to bypass access control models in cloud and distributed relational databases. Moreover, the paper proposes a light model that detects and prevents the threat without affecting the performance of PEP and PDP, and it keeps the advantages of PEP-side caching model.

A Fog Computing Based System for Selective Forwarding Detection in Mobile Wireless Sensor Networks

Intrusions detection is one of the major issues that worry organizations in wireless sensor networks (WSNs). Many researchers have dealt with this problem and have proposed many methods for detecting different kinds of intrusions such as selective forwarding, which is a serious attack that may obstruct communications in WSNs. However, as the applications of mobile computing, vehicular networks, and internet of things (IoT) are spreading immensely, selective forwarding detection in Mobile Wireless Sensor Networks (MWSNs) has become a key demand. This paper introduces the problem of selective forwarding in MWSNs, and discusses how available techniques for mitigation this problem in WSNs are not applicable in handling the problem in MWSNs due to sensors mobility. Therefore, the paper proposes a model that provides a global monitoring capability for tracing moving sensors and detecting malicious ones. The model leverages the infrastructure of Fog Computing to achieve this purpose. Furthermore, the paper provides a complete algorithm, a comprehensive discussion and experiments that show the correctness and importance of the proposed approach.

Multi-threading based Map Reduce tasks scheduling

Map Reduce is a parallel and a distributed computing framework used to process datasets that have large scale nature on a cluster. Due to the nature of data that needs to be handled in the Map Reduce problem which involves huge amount of data, many problems came up that are of great importance. Scheduling tasks is considered one of these major problems that face Map Reduce frameworks. In this paper, we tackled this problem and proposed a new scheduling algorithm that is based on a multi-threading principle. In our proposed algorithm, we divided the cluster into multi blocks where each one of them is scheduled by a special thread. Two major factors are used to test our algorithm; the simulation time and the energy consumption. Our proposed scheduler is then compared with existing schedulers and the results showed the superiority and the preference of our proposed scheduler over the existing schedulers.

Insider threat mitigation: preventing unauthorized knowledge acquisition

This paper investigates insider threat in relational database systems. It discusses the problem of inferring unauthorized information by insiders and proposes methods to prevent such threats. The paper defines various types of dependencies as well as constraints on dependencies that may be used by insiders to infer unauthorized information. It introduces the constraint and dependency graph (CDG) that represents dependencies and constraints. In addition, CDG shows the paths that insiders can follow to acquire unauthorized knowledge. Moreover, the paper presents the knowledge graph (KG) that demonstrates the knowledgebase of an insider and the amount of information that the insider has about data items. To predict and prevent insider threat, the paper defines and uses the threat prediction graph (TPG). A TPG shows the threat prediction value (TPV) of each data item in insiders’ KG, where TPV is used to raise an alert when an insider threat occurs. The paper provides solutions to prevent insider threat without limiting the availability of data items. Algorithms, theorems, proofs and experiments are provided to show the soundness, the completeness and the effectiveness of the proposed approaches.

A new enhancement to the R-tree node splitting

The performance of spatial queries depends mainly on the underlying index structure used to handle them. R-tree, a well-known spatial index structure, suffers largely from high overlap and high coverage resulting mainly from splitting the overflowed nodes. Assigning the remaining entries to the underflow node in order to meet the R-tree minimum fill constraint (Remaining Entries problem) may induce high overlap or high coverage. This is done without considering the geometric features of the remaining entries and this may cause a very non-optimized expansion of that particular node. This paper presents a solution to the above problem. The proposed solution to this problem distributes rectangles as follows: (1) assign m entries to the first node, which are nearest to the first seed; (2) assign other m entries to the second node, which are nearest to the second seed; (3) assign the remaining entries one by one to the nearest seed. Several experiments on real data, as well as synthetic data, show that the proposed splitting algorithm outperforms the efficient version of the original R-tree in terms of query performance.