10 research outputs found

    Mitigating Insider Threat in Relational Database Systems

    The dissertation concentrates on addressing the factors and capabilities that enable insiders to violate systems security. It focuses on modeling the accumulative knowledge that insiders get throughout legal accesses, and it concentrates on analyzing the dependencies and constraints among data items and represents them using graph-based methods. The dissertation proposes new types of Knowledge Graphs (KGs) to represent insiders' knowledgebases. Furthermore, it introduces the Neural Dependency and Inference Graph (NDIG) and Constraints and Dependencies Graph (CDG) to demonstrate the dependencies and constraints among data items. The dissertation discusses in detail how insiders use knowledgebases and dependencies and constraints to get unauthorized knowledge. It suggests new approaches to predict and prevent the aforementioned threat. The proposed models use KGs, NDIG and CDG in analyzing the threat status, and leverage the effect of updates on the lifetimes of data items in insiders' knowledgebases to prevent the threat without affecting the availability of data items. Furthermore, the dissertation uses the aforementioned idea in ordering the operations of concurrent tasks such that write operations that update risky data items in knowledgebases are executed before the risky data items can be used in unauthorized inferences. In addition to unauthorized knowledge, the dissertation discusses how insiders can make unauthorized modifications in sensitive data items. It introduces new approaches to build Modification Graphs that demonstrate the authorized and unauthorized data items which insiders are able to update. To prevent this threat, the dissertation provides two methods, which are hiding sensitive dependencies and denying risky write requests. In addition to traditional RDBMS, the dissertation investigates insider threat in cloud relational database systems (cloud RDMS). It discusses the vulnerabilities in the cloud computing structure that may enable insiders to launch attacks. To prevent such threats, the dissertation suggests three models and addresses the advantages and limitations of each one. To prove the correctness and the effectiveness of the proposed approaches, the dissertation uses well stated algorithms, theorems, proofs and simulations. The simulations have been executed according to various parameters that represent the different conditions and environments of executing tasks

    An Enhanced AODV Protocol for Avoiding Black Holes in MANET

    © 2018 The Authors. Published by Elsevier Ltd. Black hole attack is one of the well-known attacks on Mobile Ad hoc Networks, MANET. This paper discusses this problem and proposes a new approach based on building a global reputation system that helps the AODV protocol in selecting the best path to the destination when there is more than one possible route. The proposed protocol enhances the use of watchdogs in AODV by collecting the observations and broadcasting them to all nodes in the network using a low overhead approach. Moreover, the proposed protocol takes into account the detection challenge when a black hole continuously moves

    Collusion attacks mitigation in internet of things: a fog based model

    © 2017, Springer Science+Business Media, LLC. Collusion attacks are among the major security concerns nowadays due to the growing exposure in networks and communications. Internet of Things (IoT) environments are an attractive target for such types of attacks. This paper discusses the problem of collusion attacks in IoT environments and how mobility of IoT devices increases the difficulty of detecting such types of attacks. It demonstrates how approaches used in detecting collusion attacks in WSNs are not applicable in IoT environments. To this end, the paper introduces a model based on Fog Computing infrastructure to keep track of IoT devices and detect collusion attackers. The model uses fog computing layer for real-time monitoring and detection of collusion attacks in IoT environments. Moreover, the model uses a software defined systems layer to add a degree of flexibility for configuring Fog nodes to enable them to detect various types of collusion attacks. The paper provides algorithms, theorems, lemmas and mathematical proofs of the proposed model. Furthermore, it highlights the possible overhead on fog nodes and network when applying the proposed model, and claims that fog layer infrastructure can provide the required resources for the scalability of the model. The experiments show how the proposed model can keep track of malicious nodes while moving from one cluster to other clusters in IoT environments, in contrast to the models used in WSNs. Moreover, the experiments show that the proposed model can bear the computation overhead effectively, and reduces the power consumption of aggregator nodes in comparison to the models used in WSNs

    Collusion attacks in Internet of Things: Detection and mitigation using a fog based model

    © 2017 IEEE. This paper discusses the problem of collusion attacks in Internet of Things (IoT) environments and how mobility of IoT devices increases the difficulty of detecting such types of attacks. It demonstrates how approaches used in detecting collusion attacks in WSNs are not applicable in IoT environments. To this end, the paper introduces a model based on the Fog Computing infrastructure to keep track of IoT devices and detect collusion attackers. The model uses fog computing layer for real-time monitoring and detection of collusion attacks in IoT environments. Moreover, the model uses a software defined system layer to add a degree of flexibility for configuring Fog nodes in order to enable them to detect various types of collusion attacks. Furthermore, the paper highlights the possible overhead on Fog nodes and network when applying the proposed model, and claims that the Fog layer infrastructure can provide the required resources for the scalability of the model

    Malicious Users’ Transactions: Tackling Insider Threat

    Part 5: Database Security. International audience. This paper investigates the issues of malicious transactions by insiders in database systems. It establishes a number of rule sets to constrain the relationship between data items and transactions. A type of graph, called Predictive Dependency Graph, has been developed to determine data flow patterns among data items. This helps in foretelling which operation of a transaction has the ability to subsequently affect a sensitive data item. In addition, the paper proposes a mechanism to monitor suspicious insiders’ activities and potential harm to the database. With the help of the Predictive Dependency Graphs, the presented model predicts and prevents potential damage caused by malicious transactions

    A Context-Aware Android Malware Detection Approach Using Machine Learning

    The Android platform has become the most popular smartphone operating system, which makes it a target for malicious mobile apps. This paper proposes a machine learning-based approach for Android malware detection based on application features. Unlike much prior research that focused exclusively on API Calls and permissions features to improve detection efficiency and accuracy, this paper incorporates applications’ contextual features with API Calls and permissions features. Moreover, the proposed approach extracted a new dataset of static API Calls and permission features using a large dataset of malicious and benign Android APK samples. Furthermore, the proposed approach used the Information Gain algorithm to reduce the API and permission feature space from 527 to the most relevant 50 features only. Several combinations of API Calls, permissions, and contextual features were used. These combinations were fed into different machine-learning algorithms to show the significance of using the selected contextual features in detecting Android malware. The experiments show that the proposed model achieved a very high accuracy of about 99.4% when using contextual features in comparison to 97.2% without using contextual features. Moreover, the paper shows that the proposed approach outperformed the state-of-the-art models considered in this work

    Image cyberbullying detection and recognition using transfer deep machine learning

    Cyberbullying detection on social media platforms is increasingly important, necessitating robust computational methods. Current approaches, while promising, have not fully leveraged the combined strengths of deep learning and traditional machine learning for enhanced performance. Moreover, online content complexity requires models that can capture nuanced contexts beyond text, which many current methods lack. This research proposes a novel hybrid approach using deep learning models as feature extractors and machine learning classifiers to improve cyberbullying detection. Extracting features using pre-trained deep learning models like InceptionV3, ResNet50, and VGG16, then feeding them into classifiers like Logistic Regression and Support Vector Machines, enhances understanding of the complex contexts where cyberbullying occurs. Experiments on an image dataset showed that combining deep learning and machine learning achieved higher accuracy than using either approach alone. This novel framework bridges the gap in existing literature and contributes to broader efforts to combat cyberbullying through more nuanced, context-aware detection methods. The hybrid technique demonstrates the potential of blending deep learning's representation learning strengths with machine learning's sample efficiency and interpretability