Email Authorship Attribution In Cyber Forensics

Email is one of the most widely used forms of written communication over the Internet, and its use has increased tremendously for both personal and professional purposes. The increase in email traffic comes also with an increase in the use of emails for illegitimate purposes to commit all sort of crimes. Phishing, spamming, email bombing, threatening, cyber bullying, racial vilification, child pornography, viruses and malware propagation, and sexual harassments are common examples of email abuses. Terrorist groups and criminal gangs are also using email systems as a safe channel for their communication. The alarming increase in the number of cybercrime incidents using email is mostly due to the fact that email can be easily anonymized. The problem of email authorship attribution is to identify the most plausible author of an anonymous email from a group of potential suspects. Most previous contributions employed a traditional classification approach, such as decision tree and Support Vector Machine (SVM), to identify the author and studied the effects of different writing style features on the classification accuracy. However, little attention has been given on ensuring the quality of the evidence. In this work, we introduce an innovative data mining method to capture the write-print of every suspect and model it as combinations of features that occur frequently in the suspect's emails. This notion is called frequent pattern, which has proven to be effective in many data mining applications, but has not been applied to the problem of authorship attribution. Unlike traditional approaches, the extracted write-print by our method is unique among the suspects and, therefore, provides convincing and credible evidence for presenting it in a court of law. Experiments on real-life emails suggest that the proposed method can effectively identify the author and the results are supported by a strong evidence.qscienc

On Modelling and Analyzing Composite Resources’ Consumption Cycles using Time Petri-Nets

ICT community cornerstones (IoT in particular) gain competitive advantage from using physical resources. This paper adopts Time Petri-Nets (TPNs) to model and analyze the consumption cycles of composite resources. These resources consist of primitive, and even other composite, resources that are associated with consumption properties and could be subject to disruptions. These properties are specialized into unlimited, shareable, limited, limited-but-renewable, and non-shareable, and could impact the availability of resources. This impact becomes a concern when disruptions suspend ongoing consumption cycles to make room for the unplanned consumptions. Resuming the suspended consumption cycles depends on the resources’ consumption properties. To ensure correct modeling and analysis of consumption cycles, whether disrupted or not, TPNs are adopted to verify that composite resources are reachable, bound, fair, and live

Towards model-based management of database fragmentation

The performance of a database can significantly deteriorate due to the fragmentation of data/index files. Manual database defragmentation and performance optimization remain time consuming and even infeasible as it requires knowledge of the complicated behavior of fragmentation and its relationships with system parameters. We propose a model-based detection and management framework for the database fragmentation which can automatically optimize database performance, detect the fault existence, estimate its future impact on system performance and recover the system back to normal. A predictive controller is designed to take proper actions to guarantee the QoS and remedy faults. Experimental studies on a realistic test-bed show the applicability and effectiveness of our approach. 8th International Workshop on Feedback Computing 2013. All rights reserved.This paper was made possible by NPRP grant # NPRP 09-778-2299 from the Qatar National Research Fund (a member of Qatar Foundation). The statements made herein are solely the responsibility of the authors.Scopu

Security Evaluation and Hardening of Free and Open Source Software (FOSS)

Recently, Free and Open Source Software (FOSS) has emerged as an alternative to Commercial-Off- The-Shelf (COTS) software. Now, FOSS is perceived as a viable long-term solution that deserves careful consideration because of its potential for significant cost savings, improved reliability, and numerous advantages over proprietary software. However, the secure integration of FOSS in IT infrastructures is very challenging and demanding. Methodologies and technical policies must be adapted to reliably compose large FOSS-based software systems. A DRDC Valcartier-Concordia University feasibility study completed in March 2004 concluded that the most promising approach for securing FOSS is to combine advanced design patterns and Aspect-Oriented Programming (AOP). Following the recommendations of this study a three years project have been conducted as a collaboration between Concordia University, DRDC Valcartier, and Bell Canada. This paper aims at presenting the main contributions of this project. It consists of a practical framework with the underlying solid semantic foundations for the security evaluation and hardening of FOSS

Analyse et validation formelle des systèmes temps réel

Notions préliminaires -- Les réseaux de petri temporels (modèle tpn) -- Abstraction du modèle TPN -- Notre caractérisation du modèle d'états abstraits -- Le graphe des zones d'états concrets -- Vérification des propriétés temporisées du modèle TPN

Adaptive local search approach for the timetable scheduling problem

In this paper, we present a new Adaptive Local Search approach (ALS) and its implementation for the NP hard Timetable Scheduling Problem. This approach uses graph heuristics to generate the initial solution and the Aspiration criterion with Random moves strategies to improve a guided local search procedure for the search process. Experimental results on a collection of data sets from the popular Carter's benchmark demonstrated very promising results when compared with several existing state of the art approaches. 2017 IEEE.Scopu

On-the-fly T C T L model checking for time Petri nets

AbstractIn this paper, we show how to efficiently model check a subset of TCTL properties for the Time Petri Net model (TPN model), using the state class method. The verification proceeds by augmenting the TPN model under analysis with a special TPN, called Alarm-clock, to allow the capture of relevant time events. A forward on-the-fly exploration is then applied on the resulting TPN state class space to verify a timed property. A relaxation operation on state classes is also introduced to further improve performances. Alarm-clock is the same for all properties, whereas the exploration technique is not. Three exploration techniques are presented to cover most interesting TCTL properties. We prove the decidability of our verification technique for bounded TPN models and compare it with the reachability algorithm implemented in the tool UPPAAL [G. Behrmann, J. Bengtsson, A. David, K.G. Larsen, P. Pettersson, W. Yi, Uppaal implementation secrets, in: Proc. of the 7th International Symposium on Formal Techniques in Real-Time and Fault-Tolerant Systems, 2002]. Finally, we give some experimental results to show the efficiency of our verification technique

CTL* model checking for time Petri nets

AbstractThis paper aims at applying the CTL*11Computation Tree Logic. model checking method to the time Petri net (TPN) model. We show here how to contract its generally infinite state space into a graph that captures all its CTL* properties. This graph, called atomic state class graph (ASCG), is finite if and only if, the model is bounded.22The number of its reachable markings is finite. Our approach is based on a partition refinement technique, similarly to what is proposed in [Berthomieu, Vernadat, State class constructions for branching analysis of time Petri nets, Lecture Notes in Computer Science, vol. 2619, 2003; Yoneda, Ryuba, CTL model checking of time Petri nets using geometric regions, IEICE Trans. Inf. Syst. E99-D(3) (1998)]. In such a technique, an intermediate abstraction (contraction) of the TPN state space is first built, then refined until CTL* properties are restored. Our approach improves the construction of the ASCG in two ways. The first way deals with speeding up the refinement process by using a much more compact intermediate contraction of the TPN state space than those used in [Berthomieu, Vernadat, State class constructions for branching analysis of time Petri nets, Lecture Notes in Computer Science, vol. 2619, 2003; Yoneda, Ryuba, CTL model checking of time Petri nets using geometric regions, IEICE Trans. Inf. Syst. E99-D(3) (1998)]. The second way deals with computing each ASCG node in O(n2) instead of O(n3), n being the number of transitions enabled at the node. Experimental results have shown that our improvements have a good impact on performances