16 research outputs found

    Detection and Analysis of Drive-by Downloads and Malicious Websites

    A drive-by download is a download that occurs without the user's action or knowledge. It usually triggers an exploit of a vulnerability in a browser to download an unknown file. The malicious program in the downloaded file installs itself on the victim's machine. Moreover, the downloaded file can be camouflaged as an installer that would further install malicious software. Drive-by downloads are a very good example of the exponential increase in malicious activity over the Internet and how it affects the daily use of the web. In this paper, we try to address the problem caused by drive-by downloads from different standpoints. We provide an in-depth understanding of the difficulties in dealing with drive-by downloads and suggest appropriate solutions. We propose machine learning and feature selection solutions to remedy the drive-by download problem. Experimental results reported 98.2% precision, 98.2% F-Measure and 97.2% ROC area

    An Enhanced AODV Protocol for Avoiding Black Holes in MANET

    © 2018 The Authors. Published by Elsevier Ltd. The black hole attack is one of the well-known attacks on Mobile Ad hoc Networks (MANETs). This paper discusses this problem and proposes a new approach based on building a global reputation system that helps the AODV protocol in selecting the best path to the destination when there is more than one possible route. The proposed protocol enhances the use of watchdogs in AODV by collecting the observations and broadcasting them to all nodes in the network using a low overhead approach. Moreover, the proposed protocol takes into account the detection challenge when a black hole continuously moves

    Analyzing D-wave quantum macro assembler security

    As we enter the quantum computing era, security becomes of utmost importance. With the release of D-Wave One in 2011 and most recently the 2000Q, with 2,000 qubits, and with NASA and Google using D-wave Systems quantum computers, a thorough examination of quantum computer security is needed. Quantum computers' underlying hardware is not compatible with classical boolean and binary-based computer systems and software. Assemblers and compilers translate modern programming languages and problems into quantum-annealing methods compatible with quantum computers. This paper presents a vulnerability assessment utilizing static source code analysis on the Qmasm Python tool. More specifically, we use flow-sensitive, inter-procedural and context-sensitive data flow analysis to uncover vulnerable points in the program. We demonstrate the Qmasm security flaws that can leave the D-Wave 2X system vulnerable to severe threats

    Feature extraction and selection for Arabic tweets authorship authentication

    © 2017, Springer-Verlag Berlin Heidelberg. In tweet authentication, we are concerned with correctly attributing a tweet to its true author based on its textual content. The more general problem of authenticating long documents has been studied before and the most common approach relies on the intuitive idea that each author has a unique style that can be captured using stylometric features (SF). Inspired by the success of modern automatic document classification, some researchers followed the Bag-Of-Words (BOW) approach for authenticating long documents. In this work, we consider both approaches and their application to authenticating tweets, which present additional challenges due to the limitation in their sizes. We focus on the Arabic language due to its importance and the scarcity of works related to it. We create different sets of features from both approaches and compare the performance of different classifiers using them. We experiment with various feature selection techniques in order to extract the most discriminating features. To the best of our knowledge, this is the first study of its kind to combine these different sets of features for authorship analysis of Arabic tweets. The results show that combining all the feature sets we compute yields the best results

    Pattern matching of signature-based IDS using Myers algorithm under MapReduce framework

    © The Author(s). 2017. The rapid increase in wired Internet speed and the constant growth in the number of attacks make network protection a challenge. Intrusion detection systems (IDSs) play a crucial role in discovering suspicious activities and also in preventing their harmful impact. Existing signature-based IDSs have significant overheads in terms of execution time and memory usage mainly due to the pattern matching operation. Therefore, there is a need to design an efficient system to reduce overhead. This research intends to accelerate the pattern matching operation through parallelizing a matching algorithm on a multi-core CPU. In this paper, we parallelize a bit-vector algorithm, Myers algorithm, on a multi-core CPU under the MapReduce framework. On average, we achieve four times speedup using our multi-core implementations when compared to the serial version. Additionally, we use two implementations of MapReduce to parallelize the Myers algorithm using Phoenix++ and MAPCG. Our MapReduce parallel implementations of the Myers algorithm are compared with an earlier message passing interface (MPI)-based parallel implementation of the algorithm. The results show 1.3 and 1.7 times improvement for Phoenix++ and MAPCG MapReduce implementations over MPI respectively

    Pattern matching of signature-based IDS using Myers algorithm under MapReduce framework

    The rapid increase in wired Internet speed and the constant growth in the number of attacks make network protection a challenge. Intrusion detection systems (IDSs) play a crucial role in discovering suspicious activities and also in preventing their harmful impact. Existing signature-based IDSs have significant overheads in terms of execution time and memory usage mainly due to the pattern matching operation. Therefore, there is a need to design an efficient system to reduce overhead. This research intends to accelerate the pattern matching operation through parallelizing a matching algorithm on a multi-core CPU. In this paper, we parallelize a bit-vector algorithm, Myers algorithm, on a multi-core CPU under the MapReduce framework. On average, we achieve four times speedup using our multi-core implementations when compared to the serial version. Additionally, we use two implementations of MapReduce to parallelize the Myers algorithm using Phoenix++ and MAPCG. Our MapReduce parallel implementations of the Myers algorithm are compared with an earlier message passing interface (MPI)-based parallel implementation of the algorithm. The results show 1.3 and 1.7 times improvement for Phoenix++ and MAPCG MapReduce implementations over MPI respectively

    Malware detection using DNS records and domain name features

    © 2018 ACM. As billions of people depend on Internet applications to perform day-to-day tasks, the prevalence of malware and online attacks causes a huge loss to the global Internet economy. The Domain Name System is one of the core components of the Internet, which allows users to type in website names and resolves them to Internet addresses. Several studies proposed using DNS for malware detection, because it is the first step before visiting a specific website. Unfortunately, the majority focused on malicious URL blacklisting, botnets, top-level domains, DNS and resolvers. This paper proposes a system to detect malicious domain names by using eight unique features that accurately identify malicious websites before being visited. We implemented our approach of malicious domain name detection using Python, and experimented with five weeks of real-world data using Weka. The experimental results report a 77.5% and low false positive rates 22.4%. That is very promising considering the approach detects websites based on features calculated based on the URL and without downloading the file