19 research outputs found

    Performance Analysis of TFRC and UDP over Mobile-IP Network with Competing Flows

    This study aimed to conduct a performance analysis of TFRC and UDP over a mobile-IP network with competing flows, making it possible to investigate three major performance metrics such as jitter, throughput, packet loss and packet delay. Two different transport layer protocols have been used in this analysis. As mobility has been the core issue of computing in the 21st century, this research aims to contribute to this phenomenon by implementing a performance analysis in a mobile IP network, where mobile devices (nodes) are moved from access point to access point (AP) in order to exemplify the suitability of TFRC and UDP in wireless networking, and moreover to collect data about crucial performance metrics features. The experiment has been conducted by Network Simulation (NS-2)

    AutoNav: Evaluation and Automatization of Web Navigation Policies

    Undesired navigation in browsers powers a significant class of attacks on web applications. In a move to mitigate risks associated with undesired navigation, the security community has proposed a standard that gives control to web pages to restrict navigation. The standard draft introduces a new navigate-to directive of the Content Security Policy (CSP). The directive is currently being implemented by mainstream browsers. This paper is a first evaluation of navigate-to, focusing on security, performance, and automatization of navigation policies. We present new vulnerabilities introduced by the directive into the web ecosystem, opening up for attacks such as probing to detect if users are logged in to other websites or have active shopping carts, bypassing third-party cookie blocking, exfiltrating secrets, as well as leaking browsing history. Unfortunately, the directive triggers vulnerabilities even in websites that do not use the directive in their policies. We identify both specification- and implementation-level vulnerabilities and propose countermeasures to mitigate both. To aid developers in configuring navigation policies, we develop and implement AutoNav, an automated black-box mechanism to infer navigation policies. AutoNav leverages the benefits of origin-wide policies in order to improve security without degrading performance. We evaluate the viability of navigate-to and AutoNav by an empirical study on Alexa's top 10,000 websites

    Automatic Exploit Generation for Web Applications

    Web applications are valuable targets for security attacks because of their popularity and the sensitive data that they handle (e.g., credit card data, medical records, and personal information). Vulnerabilities that can be exploited in these applications may have potentially catastrophic effects in terms of financial losses to the online enterprise as well as privacy losses to the consumer. Therefore, the security of web applications is critically important for both end users and online enterprises. Several approaches exist for analyzing the security of modern web applications. These approaches use a series of analysis techniques to identify vulnerabilities such as SQL Injection (SQLI) and Cross-Site Scripting (XSS). However, these analysis techniques are susceptible to false alarms, and therefore require manual efforts to check whether each one of the reported vulnerabilities is indeed exploitable. Automatic exploit generation approaches take a further step and try to include methods for automatically verifying that vulnerabilities are real by generating concrete exploits. Here, an exploit is a that a reported vulnerability is indeed exploitable. Identifying exploitable vulnerabilities helps web developers prioritize their efforts on fixing those critical bugs first. The research community is aware of the need for automated techniques that construct exploits for modern web applications. However, prior research works in this area do not scale to find deep vulnerabilities and cannot handle large and complex web applications. Several challenges contribute to this problem. Mainly, these challenges arise from the unique characteristics of modern web applications such as their complex workflows, multi-module nature, interposed user input, and multi-tier architectures. This dissertation presents an effort to secure web applications by automatically generating exploits that validate the existence and exploitability of vulnerabilities. 
It covers research efforts that contribute to our overall goal of providing an automatic exploit generation solution that scales to large, complex, and dynamic web applications. First, the dissertation describes an approach that automatically generates injection exploits that span several HTTP requests. Our approach develops precise models of application workflows, database schemas, and native functions to achieve the goal of automatic exploit generation. To assess the effectiveness of our approach, we evaluated it on several web applications of different complexities. The experimental results demonstrate that our approach can overcome the challenges of modern web applications by successfully generating first- and second-order exploits for them. Second, we present an exploit construction approach that overcomes the challenges posed by the dynamic nature of web applications. Our approach is based on combining dynamic analysis that is guided by static analysis techniques in order to automatically identify vulnerabilities and build working exploits. We evaluated our system over a codebase of 3.2 million lines of PHP code. Experimental results demonstrate that our system can scale the process of automatic vulnerability analysis and exploit generation to large applications and to multiple classes of vulnerabilities. By presenting the results of both systems, this thesis demonstrates an automated exploit generation approach that scales to large, complex, and dynamic web applications despite the complexities associated with the automated analysis of modern web applications

    Improving Textual Emotion Recognition Based on Intra- and Inter-Class Variation


    SpanEmo: Casting Multi-label Emotion Classification as Span-prediction

    Emotion recognition (ER) is an important task in Natural Language Processing (NLP), due to its high impact in real-world applications from health and well-being to author profiling, consumer analysis and security. Current approaches to ER mainly classify emotions independently without considering that emotions can co-exist. Such approaches overlook potential ambiguities, in which multiple emotions overlap. We propose a new model "SpanEmo" casting multi-label emotion classification as span-prediction, which can aid ER models to learn associations between labels and words in a sentence. Furthermore, we introduce a loss function focused on modelling multiple co-existing emotions in the input sentence. Experiments performed on the SemEval2018 multi-label emotion data over three language sets (i.e., English, Arabic and Spanish) demonstrate our method's effectiveness. Finally, we present different analyses that illustrate the benefits of our method in terms of improving the model performance and learning meaningful associations between emotion classes and words in the sentence. Comment: 12 pages, 4 figures, 7 tables, accepted at EACL202