Using response action with Intelligent Intrusion detection and prevention System against web application malware

Findings: After evaluating the new system, a better result was generated in line with detection efficiency and the false alarm rate. This demonstrates the value of direct response action in an intrusion detection system

Machine learning based botnet identification traffic

The continued growth of the Internet has resulted in the increasing sophistication of toolkit and methods to conduct computer attacks and intrusions that are easy to use and publicly available to download, such as Zeus botnet toolkit. Botnets are responsible for many cyber-attacks, such as spam, distributed denial-of-service (DDoS), identity theft, and phishing. Most of existence botnet toolkits release updates for new features, development and support. This presents challenges in the detection and prevention of bots. Current botnet detection approaches mostly ineffective as botnets change their Command and Control (C&C) server structures, centralized (e.g., IRC, HTTP), distributed (e.g., P2P), and encryption deterrent. In this paper, based on real world data sets we present our preliminary research on predicting the new bots before they launch their attack. We propose a rich set of features of network traffic using Classification of Network Information Flow Analysis (CONIFA) framework to capture regularities in C&C communication channels and malicious traffic. We present a case study of applying the approach to a popular botnet toolkit, Zeus. The experimental evaluation suggest that it is possible to detect effectively botnets during the botnet C&C communication generated from new updated Zeus botnet toolkit by building the classifier using machine learning from an earlier version and before they launch their attacks using traffic behaviors. Also, show that there is similarity in C&C structures various Botnet toolkit versions and that the network characteristics of botnet C&C traffic is different from legitimate network traffic. Such methods could reduce many different resources needed to identify C&C communication channels and malicious traffic

CroLSSim: Cross‐language software similarity detector using hybrid approach of LSA‐based AST‐MDrep features and CNN‐LSTM model

Software similarity in different programming codes is a rapidly evolving field because of its numerous applications in software development, software cloning, software plagiarism, and software forensics. Currently, software researchers and developers search cross-language open-source repositories for similar applications for a variety of reasons, such as reusing programming code, analyzing different implementations, and looking for a better application. However, it is a challenging task because each programming language has a unique syntax and semantic structure. In this paper, a novel tool called Cross-Language Software Similarity (CroLSSim) is designed to detect similar software applications written in different programming codes. First, the Abstract Syntax Tree (AST) features are collected from different programming codes. These are high-quality features that can show the abstract view of each program. Then, Methods Description (MDrep) in combination with AST is used to examine the relationship among different method calls. Second, the Term Frequency Inverse Document Frequency approach is used to retrieve the local and global weights from AST-MDrep features. Third, the Latent Semantic Analysis-based features extraction and selection method is proposed to extract the semantic anchors in reduced dimensional space. Fourth, the Convolution Neural Network (CNN)-based features extraction method is proposed to mine the deep features. Finally, a hybrid deep learning model of CNN-Long-Short-Term Memory is designed to detect semantically similar software applications from these latent variables. The data set contains approximately 9.5K Java, 8.8K C#, and 7.4K C++ software applications obtained from GitHub. The proposed approach outperforms as compared with the state-of-the-art methods

Augmented Reality-Based English Language Learning: Importance And State Of The Art

Augmented reality is increasingly used in the educational domain. However, little is known concerning the actual importance of AR for learning English skills. The weakness of the English language among English as a foreign Language (EFL) students is widespread in different educational institutions. Accordingly, this paper aims at exploring the importance of AR for learning English skills from the perspectives of English language teachers and educators. Mixed qualitative methods were used. To achieve the objective of this study, 12 interviews were conducted with English teachers concerning the topic under investigation. Second, a systematic literature review (SLR) that demonstrates the advantages, the limitation, and the approach of AR for learning English was performed. This study is different from other studies in using two methods and conducting comprehensive research on the importance of AR in improving English language skills in general. Thus, the study concluded that AR improves language skills and academic achievements. It also reduces students\u27 anxiety levels, improves students\u27 creativity, and increases students\u27 collaboration and engagement. Moreover, the students have positive attitudes towards using AR for learning the English language. The findings present important implications for the integration and development of AR for learning

Variance Ranking Attributes Selection Techniques for Binary Classification Problem in Imbalance Data

Data are being generated and used to support all aspects of healthcare provision, from policy formation to the delivery of primary care services. Particularly, with the change of emphasis from curative to preventive medicine, the importance of data-based research such as data mining and machine learning has emphasized the issues of class distributions in datasets. In typical predictive modeling, the inability to effectively address a class imbalance in a real-life dataset is an important shortcoming of the existing machine learning algorithms. Most algorithms assume a balanced class in their design, resulting in poor performance in predicting the minority target class. Ironically, the minority target class is usually the focus in predicting processes. The misclassification of the minority target class has resulted in serious consequences in detecting chronic diseases and detecting fraud and intrusion where positive cases are erroneously predicted as not positive. This paper presents a new attribute selection technique called variance ranking for handling imbalance class problems in a dataset. The results obtained were compared to two well-known attribute selection techniques: the Pearson correlation and information gain technique. This paper uses a novel similarity measurement technique ranked order similarity-ROS to evaluate the variance ranking attribute selection compared to the Pearson correlations and information gain. Further validation was carried out using three binary classifications: logistic regression, support vector machine, and decision tree. The proposed variance ranking and ranked order similarity techniques showed better results than the benchmarks. The ROS technique provided an excellent means of grading and measuring the similarities where other similarity measurement techniques were inadequate or not applicable

A pseudo feedback-based annotated TF-IDF technique for dynamic crypto-ransomware pre-encryption boundary delineation and features extraction

The cryptography employed against user files makes the effect of crypto-ransomware attacks irreversible even after detection and removal. Thus, detecting such attacks early, i.e. during pre-encryption phase before the encryption takes place is necessary. Existing crypto-ransomware early detection solutions use a fixed time-based thresholding approach to determine the pre-encryption phase boundaries. However, the fixed time thresholding approach implies that all samples start the encryption at the same time. Such assumption does not necessarily hold for all samples as the time for the main sabotage to start varies among different crypto-ransomware families due to the obfuscation techniques employed by the malware to change its attack strategies and evade detection, which generates different attack behaviors. Additionally, the lack of sufficient data at the early phases of the attack adversely affects the ability of feature extraction techniques in early detection models to perceive the characteristics of the attacks, which, consequently, decreases the detection accuracy. Therefore, this paper proposes a Dynamic Pre-encryption Boundary Delineation and Feature Extraction (DPBD-FE) scheme that determines the boundary of the pre-encryption phase, from which the features are extracted and selected more accurately. Unlike the fixed thresholding employed by the extant works, DPBD-FE tracks the pre-encryption phase for each instance individually based on the first occurrence of any cryptography-related APIs. Then, an annotated Term Frequency-Inverse Document Frequency (aTF-IDF) technique was utilized to extract the features from runtime data generated during the pre-encryption phase of crypto-ransomware attacks. The aTF-IDF overcomes the challenge of insufficient attack patterns during the early phases of the attack lifecycle. The experimental evaluation shows that DPBD-FE was able to determine the pre-encryption boundaries and extract the features related to this phase more accurately compared to related works

A Comparative Analysis of Distributed Ledger Technology Platforms

Distributed Ledger Technology (DLT) has emerged as one of the most disruptive technologies in the last decade. It promises to change the way people do their business, track their products, and manage their personal data. Though the concept of DLT was first implemented in 2009 as Bitcoin, it has gained significant attention only in the past few years. During this time, different DLT enthusiasts and commercial companies have proposed and developed several DLT platforms. These platforms are usually categorized as public vs private, general-purpose vs application-specific and so on. As a growing number of people are interested to build DLT applications, it is important to understand their underlying architecture and capabilities in order to determine which DLT platform should be leveraged for a specific DLT application. In addition, the platforms need to be evaluated and critically analyzed to assess their applicability, resiliency and sustainability in the long run. In this paper, we have surveyed several leading DLT platforms and evaluated their capabilities based on a number of quantitative and qualitative criteria. The comparative analysis presented in this paper will help the DLT developers and architects to choose the best platform as per their requirement(s)

BCFL logging: an approach to acquire and preserve admissible digital forensics evidence in cloud ecosystem

Log files are the primary source of recording users, applications and protocols, activities in the cloud ecosystem. Cloud forensic investigators can use log evidence to ascertain when, why and how a cyber adversary or an insider compromised a system by establishing the crime scene and reconstructing how the incident occurred. However, digital evidence acquisition in a cloud ecosystem is complicated and proven difficult, even with modern forensic acquisition toolkit. The multi-tenancy, Geo-location and Service-Level Agreement have added another layer of complexity in acquiring digital log evidence from a cloud ecosystem. In order to mitigate these complexities of evidence acquisition in the cloud ecosystem, we need a framework that can forensically maintain the trustworthiness and integrity of log evidence. In this paper, we design and implement a Blockchain Cloud Forensic Logging (BCFL) framework, using a Design Science Research Methodological (DSRM) approach. BCFL operates primarily in four stages: (1) Process transaction logs using Blockchain distributed ledger technology (DLT). (2) Use a Blockchain smart contract to maintain the integrity of logs and establish a clear chain of custody. (3) Validate all transaction logs. (4) Maintain transaction log immutability. BCFL will also enhance and strengthen compliance with the European Union (EU) General Data Protection Regulation (GDPR). The results from our single case study will demonstrate that BCFL will mitigate the challenges and complexities faced by digital forensics investigators in acquiring admissible digital evidence from the cloud ecosystem. Furthermore, an instantaneous performance monitoring of the proposed Blockchain cloud forensic logging framework was evaluated. BCFL will ensure trustworthiness, integrity, authenticity and non-repudiation of the log evidence in the cloud

Comparative study of indoor propagation model below and above 6 GHz for 5G wireless networks

It has been widely speculated that the performance of the next generation based wireless network should meet a transmission speed on the order of 1000 times more than the current cellular communication systems. The frequency bands above 6 GHz have received significant attention lately as a prospective band for next generation 5G systems. The propagation characteristics for 5G networks need to be fully understood for the 5G system design. This paper presents the channel propagation characteristics for a 5G system in line of sight (LOS) and non-LOS (NLOS) scenarios. The diffraction loss (DL) and frequency drop (FD) are investigated based on collected measurement data. Indoor measurement results obtained using a high-resolution channel sounder equipped with directional horn antennas at 3.5 GHz and 28 GHz as a comparative study of the two bands below and above 6 GHz. The parameters for path loss using different path loss models of single and multi-frequencies have been estimated. The excess delay, root mean square (RMS) delay spread and the power delay profile of received paths are analyzed. The results of the path loss models show that the path loss exponent (PLE) in this indoor environment is less than the free space path loss exponent for LOS scenario at both frequencies. Moreover, the PLE is not frequency dependent. The 3GPP path loss models for single and multi-frequency in LOS scenarios have good performance in terms of PLE that is as reliable as the physically-based models. Based on the proposed models, the diffraction loss at 28 GHz is approximately twice the diffraction loss at 3.5 GHz. The findings of the power delay profile and RMS delay spread indicate that these parameters are comparable for frequency bands below and above 6 GH