78 research outputs found
On the Feasibility of Malware Authorship Attribution
There are many occasions in which the security community is interested to
discover the authorship of malware binaries, either for digital forensics
analysis of malware corpora or for thwarting live threats of malware invasion.
Such a discovery of authorship might be possible due to stylistic features
inherent to software codes written by human programmers. Existing studies of
authorship attribution of general purpose software mainly focus on source code,
which is typically based on the style of programs and environment. However,
those features critically depend on the availability of the program source
code, which is usually not the case when dealing with malware binaries. Such
program binaries often do not retain many semantic or stylistic features due to
the compilation process. Therefore, authorship attribution in the domain of
malware binaries based on features and styles that will survive the compilation
process is challenging. This paper provides the state of the art in this
literature. Further, we analyze the features involved in those techniques. By
using a case study, we identify features that can survive the compilation
process. Finally, we analyze existing works on binary authorship attribution
and study their applicability to real malware binaries. Comment: FPS 201
DeepAPT: Nation-State APT Attribution Using End-to-End Deep Neural Networks
In recent years numerous advanced malware, aka advanced persistent threats
(APT) are allegedly developed by nation-states. The task of attributing an APT
to a specific nation-state is extremely challenging for several reasons. Each
nation-state has usually more than a single cyber unit that develops such
advanced malware, rendering traditional authorship attribution algorithms
useless. Furthermore, those APTs use state-of-the-art evasion techniques,
making feature extraction challenging. Finally, the dataset of such available
APTs is extremely small.
In this paper we describe how deep neural networks (DNN) could be
successfully employed for nation-state APT attribution. We use sandbox reports
(recording the behavior of the APT when run dynamically) as raw input for the
neural network, allowing the DNN to learn high level feature abstractions of
the APTs themselves. Using a test set of 1,000 Chinese and Russian developed APTs,
we achieved an accuracy rate of 94.6%.
Conceptualising the Role of the UAE Innovation Strategy in University-Industry knowledge Diffusion Process
Universities are considered one of the primary sources of knowledge and an essential component of the triple helix theory. They fuel the industries with the required expertise and pool of resources to operate efficiently. Moreover, entrepreneurial universities successfully contributed to regional development and employment growth by supporting entrepreneurial activities and incubation programmes. Thus, university-industry collaboration is vital for enhancing knowledge-based industries' knowledge diffusion as well as the regional innovation atmospheres. On the other hand, countries and regional authorities strive to stimulate their regional development by encouraging innovation and entrepreneurship activities. For example, the UAE announced its 2015 innovation strategy that focused on seven industries: education, technology, renewable energy, transportation, education, health, water, and space. The strategy stressed the role of universities' R&D, first-class research, and promoting incubation services as one of the country's main innovation enablers. Thus, universities, scholars and industry should concentrate on the identified sectors to achieve the strategic innovation goals. This work aims to conceptualise and test the relationship and collaboration between industry and universities in the UAE and the impact of the innovation strategy on this relationship. Therefore, we critically analyse literature on the university-industry relationship and connect it with the UAE innovation strategy that resulted in a conceptual university-industry relationship model where the innovation strategy and UAE government act as a moderator of this relationship. The initial results show that the conceptual model includes research and curriculum collaboration. Research collaboration includes joint research, research fund, commercialisation of the research output, while curriculum collaboration includes the programmes and courses updates and joint training programmes.
The developed model is still in its early stage of development and requires further updates based on interviews with the HEIs researchers and the survey results
Efforts and Suggestions for Improving Cybersecurity Education
In this growing technology epoch, one of the main concerns is about the cyber threats. To tackle this issue, highly skilled and motivated cybersecurity professionals are needed, who can prevent, detect, respond, or even mitigate the effect of such threats. However, the world faces a workforce shortage of qualified cybersecurity professionals and practitioners. To solve this dilemma, several cybersecurity educational programs have arisen. Before, it was just a couple of courses in a computer science graduate program. Nowadays, different cybersecurity courses are introduced at the high school level, in undergraduate computer science and information systems programs, and even at the government level. Due to some peculiar nature of cybersecurity, educational institutions face many issues when designing a cybersecurity curriculum or cybersecurity activities
Efficient, Scalable, and Accurate Program Fingerprinting in Binary Code
Why was this binary written? Which compiler was used? Which free software
packages did the developer use? Which sections of the code were borrowed? Who wrote
the binary? These questions are of paramount importance to security analysts and reverse
engineers, and binary fingerprinting approaches may provide valuable insights that can
help answer them. This thesis advances the state of the art by addressing some of the
most fundamental problems in program fingerprinting for binary code, notably, reusable
binary code discovery, fingerprinting free open source software packages, and authorship
attribution.
First, to tackle the problem of discovering reusable binary code, we employ a technique
for identifying reused functions by matching traces of a novel representation of binary
code known as the semantic integrated graph. This graph enhances the control flow
graph, the register flow graph, and the function call graph, key concepts from classical program analysis, and merges them with other structural information to create a joint data
structure. Second, we approach the problem of fingerprinting free open source software
(FOSS) packages by proposing a novel resilient and efficient system that incorporates
three components. The first extracts the syntactical features of functions by considering
opcode frequencies and performing a hidden Markov model statistical test. The second
applies a neighborhood hash graph kernel to random walks derived from control flow
graphs, with the goal of extracting the semantics of the functions. The third applies the
z-score to normalized instructions to extract the behavior of the instructions in a function.
Then, the components are integrated using a Bayesian network model which synthesizes
the results to determine the FOSS function, making it possible to detect user-related functions.
Third, with these elements now in place, we present a framework capable of decoupling
binary program functionality from the coding habits of authors. To capture coding habits,
the framework leverages a set of features that are based on collections of functionality-independent
choices made by authors during coding. Finally, it is well known that techniques
such as refactoring and code transformations can significantly alter the structure
of code, even for simple programs. Applying such techniques or changing the compiler
and compilation settings can significantly affect the accuracy of available binary analysis
tools, which severely limits their practicability, especially when applied to malware. To
address these issues, we design a technique that extracts the semantics of binary code in terms of both data and control flow. The proposed technique allows more robust binary
analysis because the extracted semantics of the binary code is generally immune
from code transformation, refactoring, and varying the compilers or compilation settings.
Specifically, it employs data-flow analysis to extract the semantic flow of the registers as
well as the semantic components of the control flow graph, which are then synthesized
into a novel representation called the semantic flow graph (SFG).
We evaluate the framework on large-scale datasets extracted from selected open source
C++ projects on GitHub, Google Code Jam events, Planet Source Code contests, and students’
programming projects and found that it outperforms existing methods in several
respects. First, it is able to detect the reused functions. Second, it can identify FOSS
packages in real-world projects and reused binary functions with high precision. Third, it
decouples authorship from functionality so that it can be applied to real malware binaries
to automatically generate evidence of similar coding habits. Fourth, compared to existing
research contributions, it successfully attributes a larger number of authors with a significantly
higher accuracy. Finally, the new framework is more robust than previous methods
in the sense that there is no significant drop in accuracy when the code is subjected to
refactoring techniques, code transformation methods, and different compilers
The Good, The Bad, and The Ugly About Insta Shopping: A Qualitative Study
Instagram, as many social media platforms, has been increasingly used by users to shop for goods and products from business or other individuals. Recently, studies have shed light on acceptance and usage of Insta shopping from users’ perspectives by following popular technology models, such as technology acceptance model (TAM) and unified theory of acceptance and use of technology (UTAUT). However, more rich and in-depth insights about using Instagram for commercial purposes within a certain context are yet to be discovered. Therefore, this study aims at discovering experiences and interactions with Insta shopping, the factors and the drivers that impact users’ acceptance of Insta shopping, the weight of each factor (degree of consensus among participants), and their direction (positive, negative, or both). The study followed a qualitative approach, by creating four homogeneous focus groups (six participants each) of IT students in United Arab Emirates (UAE) universities. The data analysis approach considered is an axial coding technique as part of the grounded theory, which includes open coding, axial coding, and selective coding stages. The results revealed that the time factor, trust in Insta shops (and its drivers such as reviews, word of mouth, trading license, and others), distrust (and its drivers such as fake comments and reviews, extremely low prices, and others), and the associated risks (financial for losing money, security because of online payments, and some privacy issues) can impact users’ behaviors toward Insta shopping. Also, the study classified participants’ viewpoints and experiences’ themes into advantages, disadvantages, and issues that are associated with Insta shopping. The study indicated theoretical and practical implications and suggests future research directions
QoS based Route Management in Cognitive Radio Networks
Cognitive radio networks are smart networks that automatically sense the channel and adjust the network parameters accordingly. Cognitive radio is an emerging technology that enables the dynamic deployment of highly adaptive radios that are built upon software defined radio technology. The radio technology allows the unlicensed operation to be in the licensed band. The cognitive radio network paradigm therefore raises many technical challenges such as the power efficiency, spectrum management, spectrum detection, environment awareness, the path selection as well as the path robustness, and security issues.
Traditionally, in the routing approaches in the wired network, each node allows a maximum load through the selected route while traditionally in the routing approaches in wireless network, each node broadcasts its request with the identification of the required destination. However, the existing routing approaches in cognitive radio networks (CRN) follow the traditional approaches in wireless network especially those applied for ad hoc networks. In addition, these traditional approaches do not take into account spectrum trading as well as spectrum competition among licensed users (PUs).
In this thesis, a novel QoS based route management approach is proposed by introducing two different models; the first model is without game theory and the second model is with game theory. The proposed QoS routing algorithm contains the following elements: (i) a profile for each user, which contains different parameters such as the unlicensed user (secondary user, SU) identification, number of neighbors, channel identification, neighbor identification, probabilities of idle slots and the licensed user (primary user, PU) presence. In addition, the radio functionality feature for CRN nodes gives the capability to sense the channels and therefore each node shares its profile with the sensed PU, which then exchanges its profile with other PUs, (ii) spectrum trading, a PU calculates its price based on the SU requirements, (iii) spectrum competition, a new coefficient α is defined that controls the price because of competition among PUs and depends on many factors such as the number of primary users, available channels, and duration of the usage, (iv) a new function called QoS function is defined to provide different levels of quality of service to SUs, and (v) the game theory concept adds many features such as the flexibility, the dynamicity in finding solutions to the model and the dynamic behaviors of users. Based on the previous elements, all possible paths are managed and categorized based on the level of QoS requested by SUs and the price offered by the PU. The simulation results show that the aggregate throughput and the average delay of the routes determined by the proposed QoS routing algorithm are superior to existing wireless routing algorithms. Moreover, network dynamics is examined under different levels of QoS
Digital Transformation of Education: An Integrated Framework for Metaverse, Blockchain, and AI-Driven Learning
The integration of Metaverse, Blockchain, and Artificial Intelligence (AI) has the potential to revolutionize the educational landscape by providing immersive, secure, and personalized learning environments. This study proposes a conceptual framework that combines these technologies to address the key challenges faced by contemporary education systems, including accessibility, engagement, security, and personalization. The Metaverse serves as the immersive platform, offering virtual classrooms, interactive simulations, and gamified learning experiences. Blockchain provides the foundation for secure and transparent academic records, enabling tamper-proof credential verification and decentralized data management. AI enhances the educational experience by powering adaptive learning systems, predictive analytics, and intelligent tutoring systems that personalize content delivery and identify at-risk students. This framework aims to foster a more inclusive, efficient, and student-centered learning ecosystem. Practical use cases demonstrate how the integration of these technologies can improve STEM education, medical training, credentialing systems, and inclusive learning environments. However, the implementation of these technologies presents challenges related to infrastructure costs, regulatory compliance, and ethical considerations in AI decision-making. Future research should explore the empirical validation of this framework, scalability issues, and strategies for overcoming adoption barriers to fully realize the transformative potential of these technologies in education
AI in Education: Improving Quality for Both Centralized and Decentralized Frameworks
Education is essential for achieving many Sustainable Development Goals (SDGs). Therefore, the education system focuses on empowering more educated people and improving the quality of the education system. One of the latest technologies to enhance the quality of education is Artificial Intelligence (AI)-based Machine Learning (ML). As a result, ML has a significant influence on the education system. ML is currently widely applied in the education system for various tasks, such as creating models by monitoring student performance and activities that accurately predict student outcomes, their engagement in learning activities, decision-making, problem-solving capabilities, etc. In this research, we provide a survey of machine learning frameworks for both distributed (clusters of schools and universities) and centralized (university or school) educational institutions to predict the quality of students' learning outcomes and find solutions to improve the quality of their education system. Additionally, this work explores the application of ML in teaching and learning for further improvements in the learning environment for centralized and distributed education systems
Understanding Trust Drivers of S-commerce
Trust has emerged as a pillar in the acceptance and use of new technologies in the ever-changing digital landscape, notably in the booming field of social commerce. The importance of this study lies in the fact that it explores in-depth the aspects of customer trust in Instashopping using new constructs that have yet to be explored in s-commerce literature. Focusing on Instashopping, the research proposed a multi-dimensional model of trust to examine the dynamics of user trust in social commerce platforms and analyses the effects of various factors, including institution-based trust, disposition to trust, personal inventiveness, perceived page quality, and overall web experience. Structural equation modelling and confirmatory factor analysis were used to examine data from 267 responses in a survey of university students in the United Arab Emirates who have used Instagram for shopping. The analysis showed that user trust and trusting beliefs were significantly influenced by the disposition to trust, institution-based trust, and general web experience. Still, no significant association was found between perceived site quality and trusting beliefs. These findings highlight the crucial part that user trust plays in social commerce platform success and how important it is for online platforms to build and maintain user trust. The work also contributes theoretically to the knowledge body by comprehensively analysing trust dynamics in social commerce. In practice, the knowledge gained can help organisations plan their strategy for gaining and keeping client trust, which is essential for long-term success in the digital arena. To ensure long-term success, organisations must emphasise building and maintaining customer trust
