Publication


Featured research published by Siti Rahayu Selamat.


International Conference on Information Science and Applications | 2014

Analysis of Features Selection and Machine Learning Classifier in Android Malware Detection

Mohd Zaki Mas'ud; Shahrin Sahib; Mohd Faizal Abdollah; Siti Rahayu Selamat; Robiah Yusof

The proliferation of Android-based mobile devices and mobile applications in the market has triggered malware authors to make mobile devices the next profitable target. With users now able to use mobile devices for various purposes such as web browsing, ubiquitous services, online banking, social networking, MMS, etc., more credential information is exposed to exploitation. Applying a similar security solution that works in the desktop environment to mobile devices may not be proper, as mobile devices have limited storage, memory, CPU and power consumption. Hence, there is a need to develop mobile malware detection that can provide an effective solution to defend the mobile user from any malicious threat and at the same time address the limitations of the mobile device environment. Prior to this matter, this research focused on evaluating the best feature selection to be used in the best machine-learning classifiers. To find the best combination of both feature selection and classifier, five sets of different feature selection are applied to five different machine learning classifiers. The classifier outcome is evaluated using the True Positive Rate (TPR), False Positive Rate (FPR), and Accuracy. The best combination of both feature selection and classifier can be used to reduce feature selection and at the same time is able to classify the infected Android application accurately.


IEEE Conference on Open Systems | 2011

Traceability in digital forensic investigation process

Siti Rahayu Selamat; Robiah Yusof; Shahrin Sahib; Nor Hafeizah Hassan; Mohd Faizal Abdollah; Zaheera Zainal Abidin

Digital forensics is part of forensic science that implicitly covers crime that is related to computer technology. In a cyber crime, digital evidence investigation requires special procedures and techniques in order to be used and be accepted in a court of law. Generally, the goals of these special processes are to identify the origin of the incident reported as well as maintaining the chain of custody so that the legal process can take its option. Subsequently, the traceability process has become a key or an important element of the digital investigation process, as it is capable of mapping the events of an incident from different sources in obtaining evidence of an incident to be used for other auxiliary investigation aspects. Hence, this paper introduces a trace map model to illustrate the relationship in the digital forensic investigation process by adapting and integrating the traceability features. The objective of this integration is to provide the capability to trace and map the evidence to the sources and show the link between the evidence, the entities and the sources involved in the process, particularly in the collection phase of the digital forensic investigation framework. Additionally, the proposed model is expected to help the forensic investigator in obtaining accurate and complete evidence that can be further used in a court of law.


International Conference on Informatics Engineering and Information Science | 2011

Enhanced Alert Correlation Framework for Heterogeneous Log

Robiah Yusof; Siti Rahayu Selamat; Shahrin Sahib; Mohd Zaki Mas’ud; Mohd Faizal Abdollah

Management of intrusion alarms, particularly in identifying malware attacks, is becoming more demanding due to the large amount of alerts produced by low-level detectors. Alert correlation can provide a high-level view of intrusion alerts but is incapable of handling a large amount of alarms. This paper proposes an enhanced Alert Correlation Framework for sensors and heterogeneous logs. It can reduce the large amount of false alarms and identify the perspective of the attack. This framework mainly focuses on the alert correlation module, which consists of the Alarm Thread Reconstruction, Log Thread Reconstruction, Attack Session Reconstruction, Alarm Merging and Attack Pattern Identification modules. It is evaluated using metrics for effectiveness that show a high correlation rate, reduction rate and identification rate and a low misclassification rate. Meanwhile, in statistical validation it has a highly significant result with p < 0.05. This enhanced Alert Correlation Framework can be extended into research areas in alert correlation and computer forensic investigation.


Information Assurance and Security | 2013

Profiling mobile malware behaviour through hybrid malware analysis approach

Mohd Zaki Mas'ud; Shahrin Sahib; Mohd Faizal Abdollah; Siti Rahayu Selamat; Robiah Yusof; Rabiah Ahmad

Nowadays, the usage of mobile devices among the community worldwide has increased tremendously. With this proliferation of mobile devices, more users are able to access the internet for a variety of online applications and services. As the use of mobile devices and applications grows, the rate of vulnerability exploitation and the sophistication of attacks towards the mobile user are increasing as well. To date, Google's Android Operating System (OS) is among the most widely used OSes for mobile devices; its open design and ease of use have made it popular among developers and users. Despite the advantages Android-based mobile devices have, they have also invited malware authors to exploit the mobile applications on the market. Prior to this matter, this research focused on investigating the behaviour of mobile malware through a hybrid approach. The hybrid approach correlates and reconstructs the results from static and dynamic malware analysis to produce a trace of malicious events. Based on the findings, this research proposed a general mobile malware behaviour model that can contribute to identifying the key features for detecting mobile malware on an Android platform device.


Archive | 2012

Host Based Detection Approach Using Time Based Module for Fast Attack Detection Behavior

Faizal Mohd Abdollah; Mohd Zaki Mas’ud; Shahrin Sahib; Asrul Hadi Yaacob; Robiah Yusof; Siti Rahayu Selamat

An Intrusion Detection System (IDS) is an important component in a network security infrastructure. An IDS needs to be accurate and reliable in order to detect the intrusive behaviour of a packet travelling through the network. With current technological advancement, attacks on network infrastructure have evolved to a new level, and to make an IDS sensitive enough to detect new attacks, the detection framework needs to be frequently updated. Both the fast attack and slow attack mechanisms have become subsets of the phases inside the anatomy of an attack. Each attack mechanism has its own criteria, and the fast attack is an important type of attack that needs to be considered, as any late detection of a fast attack can have a major negative impact on the organization. Therefore, there is a need to identify a suitable technique to detect the fast attack, and based on this, this paper introduces a static threshold using statistical and observation techniques for detecting fast attack intrusion within a one-second time interval. The threshold selected was based on a real network traffic dataset and verified using a classification table on real network traffic.


International Conference on Software Engineering and Computer Systems | 2011

Towards Incorporation of Software Security Testing Framework in Software Development

Nor Hafeizah Hassan; Siti Rahayu Selamat; Shahrin Sahib; Burairah Hussin

The aim of this paper is to provide secure software using a security testing approach. The researchers have reviewed and analyzed the software testing frameworks and software security testing frameworks to efficiently incorporate both of them. Later, the researchers proposed to fully utilize the acceptance testing in the software testing framework to achieve by incorporating it in the software security testing framework. This incorporation is able to improve the security attributes needed during the requirement stage of the software development process. The advantage of the acceptance test is to expose the system to the real situation, including vulnerability, risk, impacts and the intruders, which provides a varied set of security attributes to the requirement stage. This finding is recommended to establish a baseline in formulating the test pattern to achieve effective test priority.


Indonesian Journal of Electrical Engineering and Computer Science | 2018

Cyber Threat Intelligence – Issue and Challenges

Sahrom Abu; Siti Rahayu Selamat; Aswami Ariffin; Robiah Yusof

Received Jan 15, 2018; Revised Mar 14, 2018; Accepted Mar 30, 2018

Blood veins detection process can be cumbersome for nurses and medical practitioners when it comes to special overweight type of patients. This simple routine procedure can lead the process into an extreme calamity for these patients. In this paper, we emphasized on a process for the detection of the vein in real time using the consecrations of Matlab to prevent or at least reduce the number of inescapable calamity for patients during the infusion of a needle by phlebotomy or doctor in everyday lives. Hemoglobin of the blood tissues engrossed the Near Infrared (NIR) illuminated light and Night vision camera is used to capture the scene and enhance the vein pattern clearly using Contrast Limited Adaptive Histogram Equalization (CLAHE) method. This simple approach can successfully also lead to localizing bleeding spots, clots from stroke ... etc among other things.


International Conference on Information and Communication Technology | 2016

A New Taxonomy of Cyber Violent Extremism (Cyber-VE) Attack

Nurhashikin Mohd Salleh; Siti Rahayu Selamat; Zurina Saaya; Rabiah Ahmad; Zaki Masud

Holding extremism does not mean that people will become violent. However, extremism movements create inspiration and motivation for a person and, as a result, motivate them to carry out specific acts of violence. Violent extremism happens when someone chooses to carry out violent methods and intends to cause harm to others. Recently, violent extremism groups have used the Internet as their platform to form online communities and launch their attacks; these activities are known as Cyber Violent Extremism (Cyber-VE). Therefore, the aim of this paper is to construct a taxonomy of Cyber-VE attacks to assist forensic investigators in identifying Cyber-VE attacks. The method consists of identifying activities, classifying and identifying the relationship, and constructing a taxonomy of Cyber-VE attacks. The proposed taxonomy will be used to develop a profiling framework for tracing Cyber-VE attacks. The findings will help in avoiding misunderstanding of the concept of extremist.


International Journal of Network Security | 2016

Discovering Cyber Terrorism Using Trace Pattern

Nurhashikin Mohd Salleh; Siti Rahayu Selamat; Robiah Yusof; Shahrin Sahib

Nowadays, as the number of Internet users has increased, the number of cyber threats has also increased. The Internet has provided a medium for criminals to commit crime and has become the target for cyber terrorists to spread their negative propaganda and promote extreme activities. One of the crimes is cyber terrorism. Cyber terrorism has become more sophisticated and it is difficult to discover its activities. Hence, this paper proposes a tracing technique for discovering cyber terrorism based on trace pattern. The trace pattern will represent the behavior and activities of cyber terrorism. Cyber terrorists' website is used as the datasets. Using the tracing technique, cyber terrorists' activities are identified by extracting and classifying the traces according to the keywords usually used by the terrorists. Then, the traces will be linked with the cyber terrorism components in order to identify the relationship between them. Using the trace pattern, the verification process will be conducted to verify the traces in order to identify the cyber terrorism activities and potential terrorists. This trace pattern can be used in facilitating the forensic investigation process in discovering cyber terrorism activities.


Information Assurance and Security | 2013

Enhanced P2P botnets detection framework architecture with hybrid analyzer: Host-based and network-based

Raihana Syahirah Abdullah; M. A. Faizal; Zul Azri Muhamad Noh; Siti Rahayu Selamat; Mohd Zaki Mas'ud; Shahrin Sahib

Nowadays, botnets are the most advanced form of cybercrime, posing a powerful threat to the Internet infrastructure by risking Internet stability and security. Millions of computers have been hijacked and infected by botnets, especially during peak activity. P2P botnets exploit users and dominate P2P technology, which makes botnets harder to detect and terminate. As P2P botnet issues have been highlighted by their dramatic evolution, this paper addresses current problems related to P2P botnets faced by users and recommends improvements. This paper also concentrates on proposing a P2P botnet detection framework. In addition, an in-depth analysis of P2P botnets has been conducted to understand and cope with their behaviors and characteristics. A new improvement has been introduced in the proposed botnet framework architecture to improve the effectiveness of P2P detection analysis. The framework architecture has been structured with a hybrid analyzer through the marriage of host-based and network-based. Prior to this matter, this research has proposed a new enhancement to the framework architecture, reinforced by a hybrid detection technique, to improve the effectiveness and efficiency of P2P botnet detection.

Collaboration


Top Co-Authors

Shahrin Sahib, Universiti Teknikal Malaysia Melaka
Robiah Yusof, Universiti Teknikal Malaysia Melaka
Mohd Faizal Abdollah, Universiti Teknikal Malaysia Melaka
Mohd Zaki Mas'ud, Universiti Teknikal Malaysia Melaka
Nor Hafeizah Hassan, Universiti Teknikal Malaysia Melaka
Rabiah Ahmad, Universiti Teknikal Malaysia Melaka
Raihana Syahirah Abdullah, Universiti Teknikal Malaysia Melaka
Zaheera Zainal Abidin, Universiti Teknikal Malaysia Melaka
Zul Azri Muhamad Noh, Universiti Teknikal Malaysia Melaka