Search

Your search keyword '"Fuad A. Ghaleb"' showing total 7 results
Start Over Author "Fuad A. Ghaleb" Publisher institute of electrical and electronics engineers (ieee)
7 results on '"Fuad A. Ghaleb"'

5. An Adaptive Behavioral-Based Incremental Batch Learning Malware Variants Detection Model Using Concept Drift Detection and Sequential Deep Learning

Author

Jemal H. Abawajy, Sultan Alanazi, Afrah Y. AL-Rezami, Fuad A. Ghaleb, Asma A. Alhashmi, and Abdulbasit Darem

Subjects
Software_OPERATINGSYSTEMS, General Computer Science, Concept drift, Computer science, Feature extraction, adaptive incremental batch learning, computer.software_genre, Machine learning, Classifier (linguistics), statistical process control, General Materials Science, Application programming interface, business.industry, Deep learning, General Engineering, deep learning, Static analysis, Statistical process control, TK1-9971, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Malware variant detection, Malware, concept drift detection, Electrical engineering. Electronics. Nuclear engineering, Artificial intelligence, business, computer
Abstract

Malware variants are the major emerging threats that face cybersecurity due to the potential damage to computer systems. Many solutions have been proposed for detecting malware variants. However, accurate detection is challenging due to the constantly evolving nature of the malware variants that cause concept drift. Existing malware detection solutions assume that the mapping learned from historical malware features will be valid for new and future malware. The relationship between input features and the class label has been considered stationary, which doesn’t hold for the ever-evolving nature of malware variants. Malware features change dynamically due to code obfuscations, mutations, and the modification made by malware authors to change the features’ distribution and thus evade the detection rendering the detection model obsolete and ineffective. This study presents an Adaptive behavioral-based Incremental Batch Learning Malware Variants Detection model using concept drift detection and sequential deep learning (AIBL-MVD) to accommodate the new malware variants. Malware behaviors were extracted using dynamic analysis by running the malware files in a sandbox environment and collecting their Application Programming Interface (API) traces. According to the malware first-time appearance, the malware samples were sorted to capture the malware variants’ change characteristics. The base classifier was then trained based on a subset of historical malware samples using a sequential deep learning model. The new malware samples were mixed with a subset of old data and gradually introduced to the learning model in an adaptive batch size incremental learning manner to address the catastrophic forgetting dilemma of incremental learning. The statistical process control technique has been used to detect the concept drift as an indication for incrementally updating the model as well as reducing the frequency of model updates. Results from extensive experiments show that the proposed model is superior in terms of detection rate and efficiency compared with the static model, periodic retraining approaches, and the fixed batch size incremental learning approach. The model maintains an average of 99.41% detection accuracy of new and variants malware with a low updating frequency of 1.35 times per month.

Published
2021
Full Text
View/download PDF

6. Database Forensic Investigation Process Models: A Review

Author

Arafat Al-dhaqm, Shukor Abd Razak, Siti Hajar Othman, Abdulalem Ali, Fuad A. Ghaleb, Arieff Salleh Rosman, and Nurazmallail Marni

Subjects
Structure (mathematical logic), Process modeling, General Computer Science, Database, Computer science, Process (engineering), investigation process model, Digital forensics, General Engineering, 020207 software engineering, 02 engineering and technology, Database forensic, computer.software_genre, Field (computer science), Metamodeling, Data modeling, Identification (information), Relational database management system, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, General Materials Science, lcsh:Electrical engineering. Electronics. Nuclear engineering, digital forensic, lcsh:TK1-9971, computer
Abstract

Database Forensic Investigation (DBFI) involves the identification, collection, preservation, reconstruction, analysis, and reporting of database incidents. However, it is a heterogeneous, complex, and ambiguous field due to the variety and multidimensional nature of database systems. A small number of DBFI process models have been proposed to solve specific database scenarios using different investigation processes, concepts, activities, and tasks as surveyed in this paper. Specifically, we reviewed 40 proposed DBFI process models for RDBMS in the literature to offer up-to-date and comprehensive background knowledge on existing DBFI process model research, their associated challenges, issues for newcomers, and potential solutions for addressing such issues. This paper highlights three common limitations of the DBFI domain, which are: 1) redundant and irrelevant investigation processes; 2) redundant and irrelevant investigation concepts and terminologies; and 3) a lack of unified models to manage, share, and reuse DBFI knowledge. Also, this paper suggests three solutions for the discovered limitations, which are: 1) propose generic DBFI process/model for the DBFI field; 2) develop a semantic metamodeling language to structure, manage, organize, share, and reuse DBFI knowledge; and 3) develop a repository to store and retrieve DBFI field knowledge.

Published
2020
Full Text
View/download PDF

7. Hybrid and Multifaceted Context-Aware Misbehavior Detection Model for Vehicular Ad Hoc Network

Author

Tawfik Al-Hadhrami, Mohd Aizaini Maarof, Faisal Saeed, Anazida Zainal, Fuad A. Ghaleb, and Bander Ali Saleh Al-rimy

Subjects
context-aware, Vehicular ad hoc network, General Computer Science, Wireless ad hoc network, Computer science, misbehavior detection, Distributed computing, General Engineering, 020206 networking & telecommunications, 020302 automobile design & engineering, 02 engineering and technology, Kalman filter, Hybrid, vehicular ad hoc network (VANET), 0203 mechanical engineering, Robustness (computer science), false information attacks, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, lcsh:Electrical engineering. Electronics. Nuclear engineering, Kalman Filter, lcsh:TK1-9971
Abstract

Vehicular Ad Hoc Networks (VANETs) have emerged mainly to improve road safety and traffic efficiency and provide user comfort. The performance of such networks’ applications relies on the availability of accurate and recent mobility-information shared among vehicles. This means that misbehaving vehicles that share false mobility information can lead to catastrophic losses of life and property. However, the current solutions proposed to detect misbehaving vehicles are not able to cope with the dynamic vehicular context and the diverse cyber-threats, leading to a decrease in detection accuracy and an increase in false alarms. This paper addresses these issues by proposing a Hybrid and Multifaceted Context-aware Misbehavior Detection model (HCA-MDS), which consists of four phases: data-collection, context-representation, context-reference construction, and misbehavior detection. Data-centric and behavioral-detection-based features are derived to represent the vehicular context. An online and timely updated context-reference model is built using unsupervised nonparametric statistical methods, namely Kalman and Hampel filters, through analyzing the temporal and spatial correlation of the consistency between mobility information to adapt to the highly dynamic vehicular context. Vehicles’ behaviors are evaluated locally and autonomously according to the consistency, plausibility, and reliability of their mobility information. The results from extensive simulations show that HCA-MDS outperforms existing solutions in increasing the detection rate by 38% and decreasing the false positive rate by 7%. These results demonstrate the effectiveness and robustness of the proposed HCA-MDS model to strengthen the security of VANET applications and protocols.

Published
2019
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results