Classifying Swahili Smishing Attacks for Mobile Money Users: A Machine-Learning Approach

This research article was published by IEEE Access 2022Due to the massive adoption of mobile money in Sub-Saharan countries, the global transaction value of mobile money exceeded $2 billion in 2021. Projections show transaction values will exceed$3 billion by the end of 2022, and Sub-Saharan Africa contributes half of the daily transactions. SMS (Short Message Service) phishing cost corporations and individuals millions of dollars annually. Spammers use Smishing (SMS Phishing) messages to trick a mobile money user into sending electronic cash to an unintended mobile wallet. Though Smishing is an incarnation of phishing, they differ in the information available and attack strategy. As a result, detecting Smishing becomes difficult. Numerous models and techniques to detect Smishing attacks have been introduced for high-resource languages, yet few target low-resource languages such as Swahili. This study proposes a machine-learning based model to classify Swahili Smishing text messages targeting mobile money users. Experimental results show a hybrid model of Extratree classifier feature selection and Random Forest using TFIDF (Term Frequency Inverse Document Frequency) vectorization yields the best model with an accuracy score of 99.86%. Results are measured against a baseline Multinomial Naïve-Bayes model. In addition, comparison with a set of other classic classifiers is also done. The model returns the lowest false positive and false negative of 2 and 4, respectively, with a Log-Loss of 0.04. A Swahili dataset with 32259 messages is used for performance evaluation

Smart System for Controlling and Monitoring Water and Turbidity Levels in Dam Reservoir using Micro-Controller Technology

This research article was published by Engineering, Technology & Applied Science Research, Volume 8, Issue 1, January - 2022A micro-controller-based technology has been developed for monitoring and controlling the water quality and quantity in dam reservoirs by using various sensors. This system is able to automatically detect and measure the changes in water and turbidity levels of incoming water for hydropower production. In this project, an Arduino UNO micro-controller and GSM Technology control the operations of the system through sending messages and regulating automatic water valves according to the instant status of the dam water. The developed prototype has four units: sensing unit, processing unit, displaying unit, and alerting unit. In the sensing unit, the ultrasonic sensor continuously monitors the change in water levels and the turbidity sensor takes turbidity measurements of incoming water. In the processing unit, the detected data are collected and fed to the microcontroller for further processing. This technology is expected to reduce the time and cost incurred during the hydropower plant operations by using a small amount of manpower and will facilitate fast information collection

FakeAP Detector: An Android-Based Client-Side Application for Detecting Wi-Fi Hotspot Spoofing

This research article published by IEEE Access, 2022Network spoofing is becoming a common attack in wireless networks. The trend is going high due to an increase in Internet users. Similarly, there is a rapid growth of numbers in mobile devices in the working environments and on most official occasions. The trends pose a huge threat to users since they become the prime target of attackers. More unfortunately, mobile devices have weak security measures due to their limited computational powers. Current approaches to detect spoofing attacks focus on personal computers and rely on the network hosts’ capacity, leaving guest users with mobile devices at risk. Some approaches on Android-based devices demand root privilege, which is highly discouraged. This paper presents an Android-based client-side solution to detect the presence of fake access points in a perimeter using details collected from probe responses. Our approach considers the difference in security information and signal level of an access point (AP). We present the detection in three networks, (i) open networks, (ii) closed networks and (iii) networks with captive portals. As a departure from existing works, our solution does not require root access for detection, and it is developed for portability and better performance. Experimental results show that our approach can detect fake access points with an accuracy of 99% and 99.7% at an average of 24.64 and 7.78 milliseconds in open and closed networks, respectively

スマートフォン デ ノ フィッシング ケンシュツ オヨビ コウシン コンプライアンス ノ タメ ノ ケンショウ エージェント ト セットクリョク ノ アル セッケイ

博第1661号甲第1661号博士 (工学)奈良先端科学技術大学院大

Automatic Escaped Animal Detection and Monitoring System. Case study: Volcanoes National Park (VNP) In Rwanda

The results have been shown that the people especially farmers living at the edge of Volcanoes National Park (VNP) practiced agricultural business due to the fertile soil found in the region. The rising number of agronomies in the zone, number of tourists, and illegal forest users such as poaching, and deforestation cause wild animals to get out of their habitats. Therefore, forest animals present a likely risk to damage crops whenever they get out of the forest. The current systems such as “Buffer Wall also known as wall of stones” was manually operated; electric fence systems resulted in death and pain to wild animals.  Due to the development of automatic systems for detecting and monitoring all moving wild animals and intruders, it was stated that using automation at Buffer wall could be helpful for both wild animals and farmers keeping safe. The objectives of developing an Automatic Escaped Animal Detection and Monitoring System were to reduce the probability of crop raids, death and injuries between wild animals and farmers, warning the wild animals through the use of buzzer, speaker with a recorder voice of lion and block of LEDs to remain in their habitats and the notifications sent to the park officials related to the wild animals getting out of the forest. This system should primarily use sensing devices to detect and monitor their presence.  The specialty of this technological system developed was to automate manual and improve the current systems by using Arduino NANO Microcontroller to execute system’s operations, GPS NEO 6M for locating moving wild animal, Ultrasonic sensor for detecting wildlife and calculating its speed, PIR sensor to detect intruders, GSM SIM900 to notify park rangers, reduction of crop raiding, and finally reducing the death and pain of wild animals caused by the current systems

A Game or Notes? The Use of a Customized Mobile Game to Improve Teenagers’ Phishing Knowledge, Case of Tanzania

Recently, phishing attacks have been increasing tremendously, and attackers discover new techniques every day to deceive users. With the advancement of technology, teenagers are considered the most technologically advanced generation, having grown up with the availability of the internet and mobile devices. However, as end-users, they are also considered the weakest link for these attacks to be successful, as they still show poor cybersecurity hygiene and practices. Despite several efforts to educate and provide awareness on the prevention of phishing attacks, less has been done to develop tools to educate teenagers about protecting themselves from phishing attacks considering their differences in social-economic and social culture. This research contributes a customized educational mobile game that fits the African context due to the participants’ existing differences in social-economic and social culture. We initially conducted a survey to assess teenagers’ phishing and cybersecurity knowledge in secondary schools categorized as international, private, and government schools. We then developed a customized mobile game based on the African context taking into consideration participants’ differences in social-economic and social culture. We compared the performance of phishing knowledge of teenagers using a game and a traditional teaching method. The traditional teaching method was presented by the reading notes method. The results revealed that teenagers’ phishing and cybersecurity knowledge differs based on their socioeconomic and social culture. For instance, international, private scholars, and those who live in urban areas have better phishing knowledge than those from government schools and those who live in rural areas. On the other hand, participants who had a poor performance in the first assessment improved their knowledge after playing the game. In addition, participants who played the game had retained their phishing knowledge more, two weeks later, than their counterparts who read only notes

A Game or Notes? The Use of a Customized Mobile Game to Improve Teenagers’ Phishing Knowledge, Case of Tanzania

Recently, phishing attacks have been increasing tremendously, and attackers discover new techniques every day to deceive users. With the advancement of technology, teenagers are considered the most technologically advanced generation, having grown up with the availability of the internet and mobile devices. However, as end-users, they are also considered the weakest link for these attacks to be successful, as they still show poor cybersecurity hygiene and practices. Despite several efforts to educate and provide awareness on the prevention of phishing attacks, less has been done to develop tools to educate teenagers about protecting themselves from phishing attacks considering their differences in social-economic and social culture. This research contributes a customized educational mobile game that fits the African context due to the participants’ existing differences in social-economic and social culture. We initially conducted a survey to assess teenagers’ phishing and cybersecurity knowledge in secondary schools categorized as international, private, and government schools. We then developed a customized mobile game based on the African context taking into consideration participants’ differences in social-economic and social culture. We compared the performance of phishing knowledge of teenagers using a game and a traditional teaching method. The traditional teaching method was presented by the reading notes method. The results revealed that teenagers’ phishing and cybersecurity knowledge differs based on their socioeconomic and social culture. For instance, international, private scholars, and those who live in urban areas have better phishing knowledge than those from government schools and those who live in rural areas. On the other hand, participants who had a poor performance in the first assessment improved their knowledge after playing the game. In addition, participants who played the game had retained their phishing knowledge more, two weeks later, than their counterparts who read only notes

Detection of Username Enumeration Attack on SSH Protocol: Machine Learning Approach

This research article published by MDPI, 2021Over the last two decades (2000–2020), the Internet has rapidly evolved, resulting in symmetrical and asymmetrical Internet consumption patterns and billions of users worldwide. With the immense rise of the Internet, attacks and malicious behaviors pose a huge threat to our computing environment. Brute-force attack is among the most prominent and commonly used attacks, achieved out using password-attack tools, a wordlist dictionary, and a usernames list—obtained through a so-called an enumeration attack. In this paper, we investigate username enumeration attack detection on SSH protocol by using machine-learning classifiers. We apply four asymmetrical classifiers on our generated dataset collected from a closed-environment network to build machine-learning-based models for attack detection. The use of several machine-learners offers a wider investigation spectrum of the classifiers’ ability in attack detection. Additionally, we investigate how beneficial it is to include or exclude network ports information as features-set in the process of learning. We evaluated and compared the performances of machine-learning models for both cases. The models used are k-nearest neighbor (K-NN), naïve Bayes (NB), random forest (RF) and decision tree (DT) with and without ports information. Our results show that machine-learning approaches to detect SSH username enumeration attacks were quite successful, with KNN having an accuracy of 99.93%, NB 95.70%, RF 99.92%, and DT 99.88%. Furthermore, the results improve when using ports information

An Empirical Approach to Phishing Countermeasures Through Smart Glasses and Validation Agents

This research article published by IEEE, Volume: 7, 2019Phishing attacks have been persistent for more than two decades despite mitigation efforts from academia and industry. We believe that users fall victim to attacks not only because of lack of knowledge and awareness, but also because they are not attentive enough to security indicators and visual abnormalities on the webpages they visit. This is also probably why smart device users, who have more limited screen size and device capabilities compared to desktop users, are three times more likely to fall victim to phishing attacks. To assert our claim, we first investigated general phishing awareness among different groups of smartphone users. We then used smart eyeglasses (electro-oculographic) to experimentally measure the mental effort and vigilance exhibited by users while surfing a website and while playing an Android phishing game that we developed. The results showed that knowledge and awareness about phishing do not seem to have a significant impact on security behaviours, as knowledgeable participants exhibited insecure behaviours such as opening email attachments from unfamiliar senders. However, attentiveness was important as even participants with low cybersecurity knowledge could effectively identify attacks if they were reasonably attentive. Based on these results, we asserted that users are more likely to continue falling victim to phishing attacks due to insecure behaviours, unless tools to lessen the identification burden are provided. We thus recommended implementing a lightweight algorithm into a custom Android browser for detecting phishing sites deceptively without a user interaction. We used fake login credentials as validation agents and monitor the destination server HTTP responses to determine the authenticity of a webpage. We also presented initial evaluation results of this algorithm