25 research outputs found

    Android Application Security Scanning Process

    This chapter presents the security scanning process for Android applications. The aim is to guide researchers and developers to the core phases/steps required to analyze Android applications, check their trustworthiness, and protect Android users and their devices from being victims to different malware attacks. The scanning process is comprehensive, explaining the main phases and how they are conducted including (a) the download of the apps themselves; (b) Android application package (APK) reverse engineering; (c) app feature extraction, considering both static and dynamic analysis; (d) dataset creation and/or utilization; and (e) data analysis and data mining that result in producing detection systems, classification systems, and ranking systems. Furthermore, this chapter highlights the app features, evaluation metrics, mechanisms and tools, and datasets that are frequently used during the app’s security scanning process

    WSN-DS: A Dataset for Intrusion Detection Systems in Wireless Sensor Networks

    Wireless Sensor Networks (WSN) have increasingly become one of the hottest research areas in computer science due to their wide range of applications, including critical military and civilian applications. Such applications have created various security threats, especially in unattended environments. To ensure the security and dependability of WSN services, an Intrusion Detection System (IDS) should be in place. This IDS has to be compatible with the characteristics of WSNs and capable of detecting the largest possible number of security threats. In this paper, a specialized dataset for WSN is developed to help better detect and classify four types of Denial of Service (DoS) attacks: Blackhole, Grayhole, Flooding, and Scheduling attacks. This paper considers the use of the LEACH protocol, which is one of the most popular hierarchical routing protocols in WSNs. A scheme has been defined to collect data from Network Simulator 2 (NS-2) and then process it to produce 23 features. The collected dataset is called WSN-DS. An Artificial Neural Network (ANN) has been trained on the dataset to detect and classify different DoS attacks. The results show that WSN-DS improved the ability of the IDS to achieve a higher classification accuracy rate. The WEKA toolbox was used with holdout and 10-Fold Cross Validation methods. The best results were achieved with 10-Fold Cross Validation with one hidden layer. The classification accuracies of attacks were 92.8%, 99.4%, 92.2%, 75.6%, and 99.8% for Blackhole, Flooding, Scheduling, and Grayhole attacks, in addition to the normal case (without attacks), respectively.

    A Multi-Stage Classification Approach for IoT Intrusion Detection Based on Clustering with Oversampling

    This research received no external funding. The APC is funded by Prince Sultan University. The authors would like to acknowledge the support of Prince Sultan University for paying the Article Processing Charges (APC) of this publication. Intrusion detection of IoT-based data is a hot topic and has received a lot of interest from researchers and practitioners since the security of IoT networks is crucial. Both supervised and unsupervised learning methods are used for intrusion detection of IoT networks. This paper proposes an approach of three stages: a clustering with reduction stage, an oversampling stage, and a classification stage using a Single Hidden Layer Feed-Forward Neural Network (SLFN). The novelty of the paper resides in the technique of data reduction and data oversampling for generating useful and balanced training data and the hybrid consideration of the unsupervised and supervised methods for detecting the intrusion activities. The experiments were evaluated in terms of accuracy, precision, recall, and G-mean and divided into four steps: measuring the effect of the data reduction with clustering, the evaluation of the framework with basic classifiers, the effect of the oversampling technique, and a comparison with basic classifiers. The results show that the SLFN classification technique and the choice of Support Vector Machine and Synthetic Minority Oversampling Technique (SVM-SMOTE) with a ratio of 0.9 and the k value of 3 for the k-means++ clustering technique give better results than other values and other classification techniques.

    Cybersecurity maturity assessment framework for higher education institutions in Saudi Arabia

    The Saudi Arabian government has proposed different frameworks such as the CITC’s Cybersecurity Regulatory Framework (CRF) and the NCA’s Essential Cybersecurity Controls (ECC) to ensure data and infrastructure security in all IT-based systems. However, these frameworks lack a practical, published mechanism that continuously assesses the organizations’ security level, especially in HEI (Higher Education Institutions) systems. This paper proposes a Cybersecurity Maturity Assessment Framework (SCMAF) for HEIs in Saudi Arabia. SCMAF is a comprehensive, customized security maturity assessment framework for Saudi organizations aligned with local and international security standards. The framework can be used as a self-assessment method to establish the security level and highlight the weaknesses and mitigation plans that need to be implemented. SCMAF is a mapping and codification model for all regulations that the Saudi organizations must comply with. The framework uses different levels of maturity against which the security performance of each organization can be measured. SCMAF is implemented as a lightweight assessment tool that could be provided online through a web-based service or offline by downloading the tool to ensure the organizations’ data privacy. Organizations that apply this framework can assess the security level of their systems, conduct a gap analysis and create a mitigation plan. The assessment results are communicated to the organization using visual score charts per security requirement per level attached with an evaluation report.

    A federated learning framework for cyberattack detection in vehicular sensor networks

    Vehicular Sensor Networks (VSN) introduced a new paradigm for modern transportation systems by improving traffic management and comfort. However, the increasing adoption of smart sensing technologies with the Internet of Things (IoT) made VSN a high-value target for cybercriminals. In recent years, Machine Learning (ML) and Deep Learning (DL) techniques attracted the research community to develop security solutions for IoT networks. Traditional ML and DL approaches that operate with data stored on a centralized server raise major privacy problems for user data. On the other hand, the resource-constrained nature of a smart sensing network demands lightweight security solutions. To address these issues, this article proposes a Federated Learning (FL)-based attack detection framework for VSN. The proposed scheme utilizes a group of Gated Recurrent Units (GRU) with a Random Forest (RF)-based ensembler unit. The effectiveness of the suggested framework is investigated through multiple performance metrics. Experimental findings indicate that the proposed FL approach successfully detected the cyberattacks in VSN with the highest accuracy of 99.52%. The other performance scores, precision, recall, and F1 are attained as 99.77%, 99.54%, and 99.65%, respectively

    An Efficient Localization and Avoidance Method of Jammers in Vehicular Ad Hoc Networks

    Jamming is a terrifying attack that could harm 802.11p-based vehicular communications by occupying the communication channels and overwhelming the network with jamming packets, especially for self-driving cars, as it is essential to send/receive messages without any interruptions to control the vehicles remotely. In wireless vehicular ad hoc networks (VANET), the attacker’s mission is more accessible due to the network’s open nature, way of communication, and lack of security measures. Most of the existing studies have focused on jamming detection approaches. However, few of them have addressed the jammer localization challenge. Moreover, even in these limited studies, the solutions’ assumptions, the proposed countermeasures, and their complexity were also missing. Therefore, this paper introduces a new approach to detecting, localizing, and avoiding jamming attacks in VANETs with high efficiency in terms of accuracy, implementation and complexity. The proposed approach uses the signal strength of the jammer for estimating only the distance between jammer and receiver, and then a less complex algorithm is proposed for localizing the jammer and redirecting the vehicles away from the roads the attacker is using. This approach was simulated using real-life maps and specialized network environments. Additionally, the performance of the new approach was evaluated using different metrics. These evaluation metrics include (1) the estimated position of the jammer, (2) the handling of the jammer by announcing its location to normal vehicles, and (3) the avoidance of the jammed routes by increasing their weight, which forces the cars to reroute and evade the jamming area. The high localization accuracy, measured by the Euclidean distance, and the successful communication of the attacker’s position and its avoidance have greatly increased the packet delivery ratio (PDR) and the signal-to-interference-plus-noise ratio (SINR). This was clearly visible when comparing results before and after avoiding the jamming area; for example, the PDR increased from 0% to 100% after bypassing the jammer’s routes.

    Integrating Software Engineering Processes in the Development of Efficient Intrusion Detection Systems in Wireless Sensor Networks

    No full text
    Applying Software Engineering (SE) processes is vital to critical and complex systems including security and networking systems. Nowadays, Wireless Sensor Networks (WSNs) and their applications are found in many military and civilian systems, which makes them attractive to security attackers. The increasing risks and system vulnerabilities of WSNs have encouraged researchers and developers to propose many security solutions including software-based Intrusion Detection Systems (IDSs). The main drawbacks of current IDSs are due to the lack of clear, structured software development processes. Unfortunately, a substantial gap has been observed between WSN and SE research communities. Integrating SE and WSNs is an emerging topic that will be expanded as technology evolves and spreads in all life aspects. Consequently, this paper highlighted the importance of Requirement Engineering, Software Design, and Testing when developing IDSs for WSNs. Three software IDS designs were proposed in this study: Scheduling, Broadcast, and Watchdog designs. The three designs were compared in terms of consumed energy and network lifetime. Although the same IDS approach was used, by highlighting the design phase and implementing different designs, the network lifetime was increased by 73.6% and the consumed energy was reduced by 20% in some of the designs. This is a clear indication of how following a proper SE process could affect the performance of the IDS in WSN. Moreover, conclusions were drawn in regard to applying software engineering processes to IDSs to deliver the required functionalities, with respect to operational constraints, with improved performance, accuracy and reliability.