Youssef Iraqi

Phishing Detection: A Literature Survey

This article surveys the literature on the detection of phishing attacks. Phishing attacks target vulnerabilities that exist in systems due to the human factor. Many cyber attacks are spread via mechanisms that exploit weaknesses found in end-users, which makes users the weakest element in the security chain. The phishing problem is broad and no single silver-bullet solution exists to mitigate all the vulnerabilities effectively, thus multiple techniques are often implemented to mitigate specific attacks. This paper aims at surveying many of the recently proposed phishing mitigation techniques. A high-level overview of various categories of phishing mitigation techniques is also presented, such as: detection, offensive defense, correction, and prevention, which we belief is critical to present where the phishing detection techniques fit in the overall mitigation process.

A novel Phishing classification based on URL features

Phishing is the process of illicitly obtaining data through social engineering via electronic communication channels. As reported by the Anti-Phishing Working Group (APWG)1, Phishing attacks are growing in volume and sophistication. As a result, the need to improve Phishing detection methods increases. We introduce a simple and novel Phishing classification feature that aims toward supplementing existing classifiers by detecting a subset of Phishing attacks.

A study of feature subset evaluators and feature subset searching methods for phishing classification

Phishing is a semantic attack that aims to take advantage of the naivety of users of electronic services (e.g. e-banking). A number of solutions have been proposed to minimize the impact of phishing attacks. The most accurate email phishing classifiers, that are publicly known, use machine learning techniques. Previous work in phishing email classification via machine learning have primarily focused on enhancing the classification accuracy by studying the addition of novel features, ensembles, or classification algorithms. This study follows a different path by taking advantage of previously proposed features. The primary focus of this paper is to enhance the classification accuracy of phishing email classifiers by finding an effective feature subset out of a number of previously proposed features, by evaluating various feature selection methods. The selected feature subset in this study resulted in a classification model with an f1 score of 99.396% for 21 heuristic features and a single classifier.

Lexical URL analysis for discriminating phishing and legitimate websites

A study that aims to evaluate the practical effectiveness of website classification by lexically analyzing URL tokens in addition to a novel tokenization mechanism to increase prediction accuracy. The study analyzes over 70,000 legitimate and phishing URLs collected over 6 months period from PhishTank1, Khalifa University HTTP logs and volunteers using an experimental HTTP proxy server. A statistical classification model is then constructed and evaluated to measure the practical effectiveness of the lexical URL analysis presented in this paper.

Cost-effective complex service mapping in cloud infrastructures

In cloud computing, instead of building their own network and facilities, companies can allocate resources from network operators, thus reducing hardware investment and maintenance cost. The companys IT infrastructure can be designed as an abstract virtual graph of services to be mapped into the substrate network of the operator. In this paper, we refer to the virtual graph mapping problem as service composition. How to identify and locate the substrate components to map the virtual graph to in an optimal way is the subject of this paper. We propose three algorithms for three different graph topologies: path, star, and tree, whose complexity is O(V3) + O(ERV2) where V is the set of substrate network nodes and ER is the set of virtual links. We also provide simulations to evaluate the performance of our algorithms.

Reputation-Based Trust Management in Peer-to-Peer Systems: Taxonomy and Anatomy

Trust is required in file sharing peer-to-peer (P2P) systems to achieve better cooperation among peers and reduce malicious uploads. In reputation-based P2P systems, reputation is used to build trust among peers based on their past transactions and feedbacks from other peers. In these systems, reputable peers will usually be selected to upload requested files, decreasing significantly malicious uploads in the system. This chapter surveys different reputation-based P2P systems. We will breakdown a typical reputation system into functional components. We will discuss each component and present proposed solutions from the literature. Different reputation-based systems will be described and analyzed. Each system presents a particular perspective in addressing peers’ reputation.

A STATE-OF-THE-ART REVIEW OF CLOUD FORENSICS

Cloud computing and digital forensics are emerging elds of technology. Unlike traditional digital forensics where the target environment can be almost completely isolated, acquired and can be under the investigators control; in cloud environments, the distribution of computation and storage poses unique and complex challenges to the investigators. Recently, the term cloud forensics has an increasing presence in the eld of digital forensics. In this state-of-the-art review, we included the most recent research eorts that used cloud forensics as a keyword and then classify the literature into three dimensions: (1) survey-based, (2) technology-based and (3) forensics-procedural-based. We discuss widely accepted standard bodies and their eorts to address the current trend of cloud forensics. Our aim is not only to reference related work based on the discussed dimensions, but also to analyse them and generate a mind map that will help in identifying research gaps. Finally, we summarize existing digital forensics tools and the available simulation environments that can be used for evidence acquisition, examination and cloud forensics test purposes.

Mitigation of DHCP starvation attack

DHCP starvation attack is an attack that targets DHCP servers whereby forged DHCP requests are crafted by an attacker with the intent of exhausting all available IP addresses that can be allocated by the DHCP server. Under this attack, legitimate network users can be denied service. In this paper, we describe the seriousness of the attack and survey and evaluate existing solutions designed to mitigate such an attack. In addition, we propose a novel mitigation solution. Our solution overcomes the limitations of existing solutions in terms of performance, effectiveness, and flexibility. Our solution is based on dynamic fair allocation of IP addresses and is suitable for unshared and shared (wireless) access networks. We study and analyze the proposed mitigation technique through numerical examples and simulations. Furthermore, simulation results show that our proposed solution is far superior in mitigating DHCP starvation attack when compared to other existing techniques such as fixed allocation and DHCP request rate detection.

Weighted averaging fusion for multi-view skeletal data and its application in action recognition

Existing studies in skeleton-based action recognition mainly utilise skeletal data taken from a single camera. Since the quality of skeletal tracking of a single camera is noisy and unreliable, however, combining data from multiple cameras can improve the tracking quality and hence increase the recognition accuracy. In this study, the authors propose a method called weighted averaging fusion which merges skeletal data of two or more camera views. The method first evaluates the reliability of a set of corresponding joints based on their distances to the centroid, then computes the weighted average of selected joints, that is, each joint is weighted by the overall reliability of the camera reporting the joint. Such obtained, fused skeletal data are used as the input to the action recognition step. Experiments using various frame-level features and testing schemes show that more than 10% improvement can be achieved in the action recognition accuracy using these fused skeletal data as compared with the single-view case.

Prevention of collisions among two Wireless Personal Area Networks

With the increasing need for Wireless Personal Area Network (WPAN) technology to glue together various person-centric devices, the support for mobility and coexistence of these networks becomes crucial. Such support is of paramount importance in healthcare environments, where transmission collisions due to neighboring WPANs lead to degraded performance and loss/delay of transmitted critical data. In this paper we perform the theoretical analysis for collision occurrence between two close-range IEEE 802.15.4 WPANs, thus laying the grounds for collision prevention mechanisms. Specifically, we develop and state the necessary and sufficient conditions for collision to be prevented, as well as, compute the collision probabilities as function of Beacon Intervals. We show that collision is highly probable and that detection-restoration mechanisms do not mitigate and only postpone collisions. Finally, we propose initial guidelines for structural collision prevention as the only acceptable mechanism to guarantee performance and proper operations in safety critical mobile WPANs.