Tamer AbuHmed

Software-Based Remote Code Attestation in Wireless Sensor Network

Sensor nodes are usually vulnerable to be compromised due to their unattended deployment. The low cost requirement of the sensor node precludes using an expensive tamper resistant hardware for sensor physical protection. Thus, the adversary can reprogram the compromised sensors and deviates sensor network functionality. In this paper, we propose two simple software-based remote code attestation schemes for different WSN criterion. Our schemes use different independent memory noise filling techniques called pre-deployment and post-deployment noise filling, and also different communication protocols for attestation purpose. The protocols are well-suited for wireless sensor networks, where external factors, such as channel collision, result in network delay. Hence, the success of our schemes of attestation does not depend on the accurate measurement of the execution time, which is the main drawback of previously proposed wireless sensor network attestation schemes.

Mistaking friends for foes: an analysis of a social network-based Sybil defense in mobile networks

The Sybil attack is very challenging in the context of distributed systems; Sybil nodes with multiple identities try to deviate the behavior of the overall system from normal behavior. Recently, there have been a lot of interests in social-network based Sybil defenses weighing the trust in social networks to detect Sybil nodes. Such defenses use some algorithmic properties relating to the topological structure of the social networks. However, the use of those properties without validating them in realistic settings makes their applicability impossible in the real-world applications. In this paper, we discuss such inapplicability by analyzing MobID, a recently proposed defense for mobile environments which claims that existing defenses have largely been designed for peer-to-peer networks. MobID uses the betweenness, a graph-theoretic property in the social graph, as a metric of the goodness of nodes in order to defend against the Sybil attacks. By using this betweenness, MobID operates on two fundamental assumptions: i) highly enmeshed nodes in the social graphs have a nonzero betweenness, and ii) verifiers and suspects in an honest social graph have common friends. However, extensive experiments and detailed analysis with real-world social network traces show that these assumptions do not hold well. Accordingly, MobID does not work for a great portion of the network, which is in some cases greater than 50% of the network size, even when not using a threshold on the betweenness. By setting a very low, highly-precise threshold of the betweenness (e.g., less than 10-4), we observe a dramatic loss in the performance of MobID, which corresponds to 8%--30% overall acceptance rates of honest nodes (and the remaining nodes are rejected). On the other hand, we observe that existing work, as well as other recently proposed work that is based on the community structure, can be used as an alternative for Sybil defenses in the same context.

Collaboration in social network-based information dissemination

Connectivity and trust within social networks have been exploited to build applications on top of these networks, including information dissemination, Sybil defenses, and anonymous communication systems. In these networks, and for such applications, connectivity ensures good performance of applications while trust is assumed to always hold, so as collaboration and good behavior are always guaranteed. In this paper, we study the impact of differential behavior of users on performance in typical social network-based information dissemination applications. We classify users into either collaborative or rational (probabilistically collaborative) and study the impact of this classification and the associated behavior of users on the performance on such applications. By experimenting with real-world social network traces, we make several interesting observations. First, we show that some of the existing social graphs have high routing costs, demonstrating poor structure that prevents their use in such applications. Second, we study the factors that make probabilistically collaborative nodes important for the performance of the routing protocol within the entire network and demonstrate that the importance of these nodes stems from their topological features rather than their percentage of all the nodes within the network.

A Fuzzy Ontology and SVM–Based Web Content Classification System

The volume of adult content on the world wide web is increasing rapidly. This makes an automatic detection of adult content a more challenging task, when eliminating access to ill-suited websites. Most pornographic webpage–filtering systems are based on n-gram, naïve Bayes, K-nearest neighbor, and keyword-matching mechanisms, which do not provide perfect extraction of useful data from unstructured web content. These systems have no reasoning capability to intelligently filter web content to classify medical webpages from adult content webpages. In addition, it is easy for children to access pornographic webpages due to the freely available adult content on the Internet. It creates a problem for parents wishing to protect their children from such unsuitable content. To solve these problems, this paper presents a support vector machine (SVM) and fuzzy ontology–based semantic knowledge system to systematically filter web content and to identify and block access to pornography. The proposed system classifies URLs into adult URLs and medical URLs by using a blacklist of censored webpages to provide accuracy and speed. The proposed fuzzy ontology then extracts web content to find website type (adult content, normal, and medical) and block pornographic content. In order to examine the efficiency of the proposed system, fuzzy ontology, and intelligent tools are developed using Protégé 5.1 and Java, respectively. Experimental analysis shows that the performance of the proposed system is efficient for automatically detecting and blocking adult content.

Large-Scale and Language-Oblivious Code Authorship Identification

Efficient extraction of code authorship attributes is key for successful identification. However, the extraction of such attributes is very challenging, due to various programming language specifics, the limited number of available code samples per author, and the average code lines per file, among others. To this end, this work proposes a Deep Learning-based Code Authorship Identification System (DL-CAIS) for code authorship attribution that facilitates large-scale, language-oblivious, and obfuscation-resilient code authorship identification. The deep learning architecture adopted in this work includes TF-IDF-based deep representation using multiple Recurrent Neural Network (RNN) layers and fully-connected layers dedicated to authorship attribution learning. The deep representation then feeds into a random forest classifier for scalability to de-anonymize the author. Comprehensive experiments are conducted to evaluate DL-CAIS over the entire Google Code Jam (GCJ) dataset across all years (from 2008 to 2016) and over real-world code samples from 1987 public repositories on GitHub. The results of our work show the high accuracy despite requiring a smaller number of files per author. Namely, we achieve an accuracy of 96% when experimenting with 1,600 authors for GCJ, and 94.38% for the real-world dataset for 745 C programmers. Our system also allows us to identify 8,903 authors, the largest-scale dataset used by far, with an accuracy of 92.3%. Moreover, our technique is resilient to language-specifics, and thus it can identify authors of four programming languages (e.g. C, C++, Java, and Python), and authors writing in mixed languages (e.g. Java/C++, Python/C++). Finally, our system is resistant to sophisticated obfuscation (e.g. using C Tigress) with an accuracy of 93.42% for a set of 120 authors.