Your search keyword '"Maryam Shahpasand"' showing total 5 results

1. Adversarial Attacks on Mobile Malware Detection

Author

Minhui Xue, Len Hamey, Dinusha Vatsalan, and Maryam Shahpasand

Subjects

Adversarial system, Computer science, Web traffic, Feature extraction, Malware, Android application, Adversarial machine learning, computer.software_genre, Computer security, computer, Mobile malware

Abstract

In recent years, machine learning approaches have been widely adopted for computer security tasks, including malware detection. Malware is a potent threat and an ongoing issue especially on smartphones which account for more than half of global web traffic. Although detection solutions are improving with the advances in machine learning techniques, they have been shown to be vulnerable to adversarial samples that carefully crafted perturbation enables them to evade detection. We propose a machine learning based model to attack malware classifiers leveraging the expressive capability of generative adversarial networks (GANs). We use GANs to generate effective adversarial samples by implying a threshold on the distortion amount on the generated samples. We show that the generated samples can bypass detection in 99% of attempts using a real Android application dataset.

Published

2019

2. A comprehensive security control selection model for inter-dependent organizational assets structure

Author

Mehdi Shajari, Seyed Alireza Hashemi Golpaygani, Maryam Shahpasand, and Hoda Ghavamipoor

Subjects

Information Systems and Management, Computer Networks and Communications, Computer security model, Computer security, computer.software_genre, Asset (computer security), Security information and event management, Security controls, Management Information Systems, Information security audit, Management of Technology and Innovation, Security convergence, Security management, Business, computer, Software, Information Systems, Vulnerability (computing)

Abstract

Purpose – This paper aims to propose a comprehensive model to find out the most preventive subset of security controls against potential security attacks inside the limited budget. Deploying the appropriate collection of information security controls, especially in information system-dependent organizations, ensures their businesses' continuity alongside with their effectiveness and efficiency. Design/methodology/approach – Impacts of security attacks are measured based on interdependent asset structure. Regarding this objective, the asset operational dependency graph is mapped to the security attack graph to assess the risks of attacks. This mapping enables us to measure the effectiveness of security controls against attacks. The most effective subset is found by mapping its features (cost and effectiveness) to items’ features in a binary knapsack problem, and then solving the problem by a modified version of the classic dynamic programming algorithm. Findings – Exact solutions are achieved using the dynamic programming algorithm approach in the proposed model. Optimal security control subset is selected based on its implementation cost, its effectiveness and the limited budget. Research limitations/implications – Estimation of control effectiveness is the most significant limitation of the proposed model utilization. This is caused by lack of experience in risk management in organizations, which forces them to rely on reports and simulation results. Originality/value – So far, cost-benefit approaches in security investments are followed only based on vulnerability assessment results. Moreover, dependency weights and types in interdependent structure of assets have been taken into account by a limited number of models. In the proposed model, a three-dimensional graph is used to capture the dependencies in risk assessment and optimal control subset selection, through a holistic approach.

Published

2015

3. Optimum Countermeasure Portfolio Selection

Author

Maryam Shahpasand and Sayed Alireza Hashemi Golpayegani

Subjects

Countermeasure, Operations research, Knapsack problem, Portfolio, Information security, Business, Computer security, computer.software_genre, computer, Selection (genetic algorithm), Blocking (computing)

Abstract

Deploying an appropriate collection of information security countermeasures in an organization should result in high-level blocking power against existing threats. In this chapter, a new knapsack-based approach is proposed for finding out which subset of countermeasures is the best at preventing probable security attacks. In this regard, an effectiveness score is defined for each countermeasure based on its mitigation level against all threats. Organizations are always looking for more effective low-cost solutions, so another consideration is that the implementation cost of the selected countermeasure portfolio should not exceed the allocated budget. Following the knapsack idea, the implementation cost of each countermeasure and its effectiveness, defined as inputs and the best subset, are chosen with respect to budget limits. Our results are compared with similar research and recommend the same countermeasure portfolio.

Published

2014

4. An anonymous and efficient e-voting scheme

Author

Hoda Ghavamipoor and Maryam Shahpasand

Subjects

Scheme (programming language), Authentication, Electronic voting, Process (engineering), business.industry, media_common.quotation_subject, Public key infrastructure, Computer security, computer.software_genre, Set (abstract data type), Public-key cryptography, Voting, Political science, business, computer, computer.programming_language, media_common

Abstract

This Electronic voting has about twenty years history and lots of partially secure electronic voting schemes has been proposed in this period of time. There are some security requirements that these entire schemes have been supposed to comply. Another important issue about voting schemes is efficiency, in which, in most cases have been eclipsed because of complying those security requirements. Security techniques such as using public key infrastructure are very common in electronic voting schemes which cause a heavy load on process and increase the number of transmissions between parties In this paper, we introduce a secure and efficient electronic voting scheme based on blind signatures in which voters do not need a set of public/private keys. The proposed scheme fulfills all the security requirements mentioned in the literature.

Published

2013

5. Usage Decision Model for Online Social Network

Author

Maryam Shahpasand, Ramlan Mahmod, Nur Izura Udzir, and Ali Deghantanha

Subjects

Information privacy, Authentication, Social network, Process (engineering), Computer science, business.industry, media_common.quotation_subject, Internet privacy, Access control, Computer security, computer.software_genre, Shared resource, Function (engineering), business, Decision model, computer, media_common

Abstract

Online social networks provide user relationships and increase information and resource sharing between a large amount of users. Communications by social networks overtake the emails, and it poses enormous security challenges in this platform. Numerous privacy leakages arise while unauthorized users can access information at anywhere and anytime. This paper presents Usage Decision Online Social Network (UDOSN) model to protect private data from illegal access before and during the usage in online social networks. The authentication function controls the access requests before the usage, and right requests are done by the authorization function during the usage. Presented scenarios show the process of both functions. Moreover, Usage Decision Online Social Network model is reusable and environment-independent, and it is defined for social network with formal descriptions.

Published

2012