Detecting crypto-ransomware in IoT networks based on energy consumption footprint

An Internet of Things (IoT) architecture generally consists of a wide range of Internet-connected devices or things such as Android devices, and devices that have more computational capabilities (e.g., storage capacities) are likely to be targeted by ransomware authors. In this paper, we present a machine learning based approach to detect ransomware attacks by monitoring power consumption of Android devices. Specifically, our proposed method monitors the energy consumption patterns of different processes to classify ransomware from non-malicious applications. We then demonstrate that our proposed approach outperforms K-Nearest Neighbors, Neural Networks, Support Vector Machine and Random Forest, in terms of accuracy rate, recall rate, precision rate and F-measure.

Find the full article HERE!  

Ali Dehghantanha

Dr. Ali Dehghantanha (www.alid.info) has served for more than a decade in a variety of industrial and academic positions with leading players in Cyber-Security and E-Commerce. He has a long history of working in different areas of computer security as a security researcher, malware analyzer, penetration tester, security consultant, professional trainer, and university lecturer. Ali is eminently qualified in the field of cyber security; he has an EU Marie Curie post-doctoral fellowship in cyber forensics (the Marie Curie Fellowships are Europe’s most competitive and prestigious award), a Ph.D. in Security in Computing and a number of professional qualifications, namely SANS-GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), SANS-GIAC Reverse Engineering Malware (GREM), SANS-GIAC Certified Forensics Analyst (GCFA), CCFP (Certified Cyber Forensic Professional), CISSP (Certified Information Systems Security Professional), and CEH (Certified Ethical Hacker). Ali is a fellow of the UK Higher Education Academy (HEA) and has served as a keynote speaker for a number of security conferences, namely the International Conference on Information Security and Cyber Forensics (InfoSec2015), speaking about "Detection and analysis IoT Malwares" at Cape Town, South Africa; keynote speaker at the International Conference on Information Security and Digital Forensics (ISDF2015), speaking on "Efficient Analysis of Malware Campaigns" at Kuala Lumpur, Malaysia; and invited speaker for ISACA EuroCACS/ISRM 2015, speaking about "Finding the Needle in Internet of Everything Haystack" at Copenhagen, Denmark. In 2015, he was an invited speaker for the ISACA North-West UK meeting and talked about "Strategic Cyber Threat Intelligence".
He was one of the lead editors for the Elsevier book titled “Contemporary digital forensic investigations of cloud and mobile applications”, a guest editor for a special issue on “Internet of Things: Security and Forensics Trends and Challenges” in the Elsevier Future Generation Computer Systems journal, and a guest editor for a special issue on "Big Data Applications in Cyber Security and Threat Intelligence" in IEEE Transactions on Big Data. Ali is the founder of the annual “International Conference in Cyber-Security, Cyber Warfare and Digital Forensics (CyberSec)” and served as editor in chief for the International Journal of Cyber Security and Digital Forensics (IJCSDF) between Jan 2012 and Jan 2015!

Machine learning aided Android malware classification

Another research paper, titled "Machine learning aided Android malware classification", was published in the Computers & Electrical Engineering journal. Following is the paper abstract:

The widespread adoption of Android devices and their capability to access significant private and confidential information have resulted in these devices being targeted by malware developers. Existing Android malware analysis techniques can be broadly categorized into static and dynamic analysis. In this paper, we present two machine learning aided approaches for static analysis of Android malware. The first approach is based on permissions and the other is based on source code analysis utilizing a bag-of-words representation model. Our permission-based model is computationally inexpensive, and is implemented as a feature of the OWASP Seraphimdroid Android app, which can be obtained from the Google Play Store. Our evaluations of both approaches indicate an F-score of 95.1% and F-measure of 89% for the source code-based classification and permission-based classification models, respectively.

For the full text please refer to: http://www.sciencedirect.com/science/article/pii/S0045790617303087


Investigating the Antecedents to the Adoption of SCRM Technologies by Start-up Companies

A paper in collaboration with colleagues in the school of business: 

Investigating the Antecedents to the Adoption of SCRM Technologies by Start-up Companies

Despite their fairly recent emergence, start-up companies now play an important role in the economic development of countries around the globe. These companies have fewer tangible assets and capital, and therefore, the efficient delivery of services and products is a key business priority for them. Customer Relationship Management (CRM) technologies, which are designed to facilitate customer engagement during the design, development and delivery of services and products, may play a significant role in the success or failure of start-up companies. Developments in new communication technologies have transformed traditional CRM into Electronic CRM (eCRM), Mobile CRM (mCRM) and, more recently, Social CRM (SCRM). However, there remains very little understanding of the factors affecting SCRM adoption in start-up businesses. The relative newness of SCRM technologies, coupled with the swiftly evolving nature of start-up companies (which has made them difficult cases to study), has limited the amount of research undertaken in this area. This paper aims to close this gap by proposing a framework that depicts the factors affecting start-up companies’ intention to adopt SCRM applications, and explores the relative importance of these factors. Inspired by an extended Technological, Organisational and Environmental (TOE) framework, this paper investigates the effects of Technological Characteristics (TC), Organisational Characteristics (OC), Environmental Characteristics (EC) and Managerial Characteristics (MC) on start-up companies’ intentions to adopt SCRM applications.

The results outlined in this research indicate that the observability, compatibility and trialability of SCRM solutions positively affect SCRM adoption in start-up businesses. Moreover, the availability of internal financial resources has a similarly positive effect. When considering environmental characteristics, it was found that support from venture capitalists, crowdfunding support, governmental support, business angels support and external pressure all positively affect the intention to adopt SCRM applications within start-up businesses.

Here is the link to the article: http://www.sciencedirect.com/science/article/pii/S0736585316304397

 


A Two-layer Dimension Reduction and Two-tier Classification Model for Anomaly-Based Intrusion Detection in IoT Backbone Networks

Another paper of ours in IoT networks incident detection:

With increasing reliance on Internet of Things (IoT) devices and services, the capability to detect intrusions and malicious activities within IoT networks is critical for resilience of the network infrastructure. In this paper, we present a novel model for intrusion detection based on a two-layer dimension reduction and two-tier classification module, designed to detect malicious activities such as User to Root (U2R) and Remote to Local (R2L) attacks. The proposed model uses component analysis and linear discriminant analysis in its dimension reduction module to reduce the high-dimensional dataset to a lower-dimensional one with fewer features. We then apply a two-tier classification module utilizing Naïve Bayes and the Certainty Factor version of K-Nearest Neighbor to identify suspicious behaviors. The experimental results using the NSL-KDD dataset show that our model outperforms previous models designed to detect U2R and R2L attacks.

Here is the link to the published article: http://ieeexplore.ieee.org/document/7762123/


Forensic Investigation of Cooperative Storage Cloud Service: Symform as a Case Study

Another paper of ours published in the Journal of Forensic Sciences:

Researchers envisioned Storage as a Service (StaaS) as an effective solution to the distributed management of digital data. Cooperative storage cloud forensics is a relatively new and under-explored area of research. Using Symform as a case study, we seek to determine the data remnants from the use of cooperative cloud storage services. In particular, we consider both mobile devices and personal computers running various popular operating systems, namely Windows 8.1, Mac OS X Mavericks 10.9.5, Ubuntu 14.04.1 LTS, iOS 7.1.2, and Android KitKat 4.4.4. Potential artefacts recovered during the research include data relating to the installation and uninstallation of the cloud applications, log-in to and log-out from the Symform account using the client application, and file synchronization, as well as their timestamp information. This research contributes to an in-depth understanding of the types of terrestrial artefacts that are likely to remain after the use of cooperative storage cloud on client devices.

Here is the link to the paper: http://onlinelibrary.wiley.com/doi/10.1111/1556-4029.13271/full


Forensic investigation of P2P cloud storage services and backbone for IoT networks: BitTorrent Sync as a case study

Another paper in digital forensics: 

Cloud computing can be generally regarded as the technology enabler for Internet of Things (IoT). To ensure the most effective collection of evidence from cloud-enabled IoT infrastructure, it is vital for forensic practitioners to possess a contemporary understanding of the artefacts from different cloud services and applications. In this paper, we seek to determine the data remnants from the use of the newer BitTorrent Sync applications (version 2.x). Findings from our research using mobile and computer devices running Windows, Mac OS, Ubuntu, iOS, and Android devices suggested that artefacts relating to the installation, uninstallation, log-in, log-off, and file synchronisation could be recovered, which are potential sources of IoT forensics. We also extend the cloud forensics framework of Martini and Choo to provide a forensically sound investigation methodology for the newer BitTorrent Sync applications.

Here is the link to paper:  http://www.sciencedirect.com/science/article/pii/S0045790616302208

regards,  

 


Digital forensics: the missing piece of the Internet of Things promise

Another paper with Mr. Steve Watson titled "Digital forensics: the missing piece of the Internet of Things promise" in (Elsevier) Computer Fraud and Security Volume 2016, Issue 6, pages 5-8. Following is the paper abstract:

As technology advances at a blinding pace, the promise of new gadgets to enhance every facet of our lives tempts every consumer and organisation. From the ease of automation, control and monitoring of the most mundane aspects of our lives to advanced lifesaving and monitoring capabilities, our world is changing daily.

No reliable forensics application or digital forensics guidance exists to retrieve the data from IoT devices in the event of an attack, an active investigation or a litigation request.

The digital forensics of Internet of things (IoT) technologies is the missing conversation in our headlong rush to the promise of connecting every device on the planet. Steve Watson of VTO Labs and Ali Dehghantanha of the University of Salford discuss the issues and the importance of further development in this field. And they elaborate on how forensics practitioners, device manufacturers and legal authorities could share their efforts and minimise this gap.

 

Here is the link to the paper: http://www.sciencedirect.com/science/article/pii/S1361372315300452 


Forensic Investigation of Cooperative Storage Cloud Service: Symform as a Case Study

Another paper of ours (Teing Yee Yang, Ali Dehghantanha, Raymond Choo, Mauro Conti, Tooska Dargahi), titled "Forensic Investigation of Cooperative Storage Cloud Service: Symform as a Case Study", is accepted for publication at the Journal of Forensic Sciences. Following is the paper abstract:

Researchers envisioned Storage as a Service (StaaS) as an effective solution to the distributed management of digital data. Cooperative storage cloud forensics is a relatively new and under-explored area of research. Using Symform as a case study, we seek to determine the data remnants from the use of cooperative cloud storage services. In particular, we consider both mobile devices and personal computers running various popular operating systems, namely Windows 8.1, Mac OS X Mavericks 10.9.5, Ubuntu 14.04 LTS, iOS 7.1.2, and Android KitKat 4.4. Potential artefacts recovered during the research include data relating to the installation and uninstallation of the cloud applications, log-in to and log-out from the Symform account using the client application, and file synchronisation, as well as their timestamp information. This research contributes to an in-depth understanding of the types of terrestrial artefacts that are likely to remain after the use of cooperative storage cloud on client devices.


Ensemble-based multi-filter feature selection method for DDoS detection in cloud computing

This paper of ours is published as an open access publication in the EURASIP Journal of Wireless Communications. Following is the paper abstract:

Widespread adoption of cloud computing has increased the attractiveness of such services to cybercriminals. Distributed denial of service (DDoS) attacks, which target the cloud’s bandwidth, services and resources to render the cloud unavailable to both cloud providers and users, are a common form of attack. In recent times, feature selection has been identified as a pre-processing phase in cloud DDoS attack defence which can potentially increase classification accuracy and reduce computational complexity by identifying important features from the original dataset during supervised learning. In this work, we propose an ensemble-based multi-filter feature selection method that combines the output of four filter methods to achieve an optimum selection. We then perform an extensive experimental evaluation of our proposed method using the intrusion detection benchmark dataset NSL-KDD and a decision tree classifier. The findings show that our proposed method can effectively reduce the number of features from 41 to 13 and has a high detection rate and classification accuracy when compared to other classification techniques.

 


Cloud storage forensics: MEGA as a case study

The increasing use of smartphones and cloud storage apps allows users to access their data anywhere, anytime. Due to the potential of mobile devices being used and/or targeted by criminals, such devices are an important source of evidence in investigations of both cybercrime and traditional crimes, such as drug trafficking. In this paper, we study the MEGA cloud client app, an increasingly popular alternative to Google Drive, Dropbox and OneDrive, on both Android and iOS platforms. In our study, we identify a range of artefacts arising from user activities, such as login, uploading, downloading, deletion, and the sharing of files, which could be forensically recovered, as well as findings such as modification of files’ timestamps. Our findings contribute to an up-to-date understanding of cloud storage forensics. Here is the link to the paper: http://www.tandfonline.com/doi/full/10.1080/00450618.2016.1153714
