Browsing by Author "Yerima, Suleiman"
Now showing 1 - 20 of 54
Item Open Access
Adaptive Measurement-Based Policy-Driven QoS Management with Fuzzy-Rule-based Resource Allocation (MDPI, 2012-07-04)
Yerima, Suleiman; Parr, G.; Morrow, P.; McClean, S.
Fixed and wireless networks are increasingly converging towards common connectivity with IP-based core networks. Providing effective end-to-end resource and QoS management in such complex heterogeneous converged network scenarios requires unified, adaptive and scalable solutions to integrate and co-ordinate diverse QoS mechanisms of different access technologies with IP-based QoS. Policy-Based Network Management (PBNM) is one approach that could be employed to address this challenge. Hence, a policy-based framework for end-to-end QoS management in converged networks, CNQF (Converged Networks QoS Management Framework) has been proposed within our project. In this paper, the CNQF architecture, a Java implementation of its prototype and experimental validation of key elements are discussed. We then present a fuzzy-based CNQF resource management approach and study the performance of our implementation with real traffic flows on an experimental testbed. The results demonstrate the efficacy of our resource-adaptive approach for practical PBNM systems.

Item Open Access
Analysis of Bayesian classification-based approaches for Android malware detection (2013-12-19)
Yerima, Suleiman; Sezer, Sakir; McWilliams, G.
Mobile malware has been growing in scale and complexity spurred by the unabated uptake of smartphones worldwide. Android is fast becoming the most popular mobile platform resulting in a sharp increase in malware targeting the platform. Additionally, Android malware is evolving rapidly to evade detection by traditional signature-based scanning. Despite current detection measures in place, timely discovery of new malware is still a critical issue. This calls for novel approaches to mitigate the growing threat of zero-day Android malware.
Hence, the authors develop and analyse proactive machine-learning approaches based on Bayesian classification aimed at uncovering unknown Android malware via static analysis. The study, which is based on a large malware sample set of the majority of the existing families, demonstrates detection capabilities with high accuracy. Empirical results and comparative analysis are presented offering useful insight towards development of effective static-analytic Bayesian classification-based solutions for detecting unknown Android malware.

Item Open Access
Android Malware Detection Using Parallel Machine Learning Classifiers (IEEE, 2014-12-15)
Yerima, Suleiman; Sezer, Sakir; Muttik, I.
Mobile malware has continued to grow at an alarming rate despite on-going mitigation efforts. This has been much more prevalent on Android due to being an open platform that is rapidly overtaking other competing platforms in the mobile smart devices market. Recently, a new generation of Android malware families has emerged with advanced evasion capabilities which make them much more difficult to detect using conventional methods. This paper proposes and investigates a parallel machine learning based classification approach for early detection of Android malware. Using real malware samples and benign applications, a composite classification model is developed from parallel combination of heterogeneous classifiers. The empirical evaluation of the model under different combination schemes demonstrates its efficacy and potential to improve detection accuracy.
More importantly, by utilizing several classifiers with diverse characteristics, their strengths can be harnessed not only for enhanced Android malware detection but also quicker white box analysis by means of the more interpretable constituent classifiers.

Item Open Access
Android malware detection: An eigenspace analysis approach (IEEE, 2015-07)
Yerima, Suleiman; Sezer, Sakir; Muttik, I.
The battle to mitigate Android malware has become more critical with the emergence of new strains incorporating increasingly sophisticated evasion techniques, in turn necessitating more advanced detection capabilities. Hence, in this paper we propose and evaluate a machine learning based approach based on eigenspace analysis for Android malware detection using features derived from static analysis characterization of Android applications. Empirical evaluation with a dataset of real malware and benign samples shows that a detection rate of over 96% with a very low false positive rate is achievable using the proposed method.

Item Open Access
Bot-IMG: A framework for image-based detection of Android botnets using machine learning (IEEE, 2021-11-30)
Yerima, Suleiman; Bashar, Abul
To enable more effective mitigation of Android botnets, image-based detection approaches offer great promise. Such image-based or visualization methods provide detection solutions that are less reliant on hand-engineered features which require domain knowledge. In this paper we propose Bot-IMG, a framework for visualization and image-based detection of Android botnets using machine learning. Furthermore, we evaluated the efficacy of Bot-IMG framework using the ISCX botnet dataset. In particular, we implement an image-based detection method using Histogram of Oriented Gradients (HOG) as feature descriptors within the framework, and utilized Autoencoders in conjunction with traditional machine learning classifiers.
From the experiments performed, we obtained up to 95.3% classification accuracy using train-test split of 80:20 and 93.1% classification accuracy with 10-fold cross validation.

Item Open Access
Buffer Management for Multimedia QoS Control over HSDPA Downlink (IEEE, 2007-08-27)
Yerima, Suleiman; Al-Begain, K.
HSDPA specifications include support for a flexible framework for QoS management. In this paper, it is shown how buffer management could be incorporated into HSDPA QoS framework for 'multimedia' traffic QoS control in the MAC-hs of the Node-B. A time-space-priority (TSP) scheme is proposed as viable buffer management scheme to this effect. Comparative simulation study with other schemes is presented, demonstrating the effectiveness of the TSP buffer management scheme for 'multimedia' service QoS control in HSDPA Node-B data buffers.

Item Open Access
Class Balanced Similarity-Based Instance Transfer Learning for Botnet Family Classification (2018)
Janicke, Helge; Yerima, Suleiman; Alothman, Basil
The use of Transfer Learning algorithms for enhancing the performance of machine learning algorithms has gained attention over the last decade. In this paper we introduce an extension and evaluation of our novel approach Similarity Based Instance Transfer Learning (SBIT). The extended version is denoted Class Balanced SBIT (or CB-SBIT for short) because it ensures the dataset resulting after instance transfer does not contain class imbalance. We compare the performance of CB-SBIT against the original SBIT algorithm. In addition, we compare its performance against that of the classical Synthetic Minority Over-sampling Technique (SMOTE) using network traffic data. We also compare the performance of CB-SBIT against the performance of the open source transfer learning algorithm TransferBoost using text data.
Our results show that CB-SBIT outperforms the original SBIT and SMOTE using varying sizes of network traffic data but falls short when compared to TransferBoost using text data.

Item Open Access
A Comparative Study of Word Embedding Techniques for SMS Spam Detection (IEEE, 2022-12-04)
Joseph, Prashob; Yerima, Suleiman
E-mail and SMS are the most popular communication tools used by businesses, organizations and educational institutions. Every day, people receive hundreds of messages which could be either spam or ham. Spam is any form of unsolicited, unwanted digital communication, usually sent out in bulk. Spam emails and SMS waste resources by unnecessarily flooding network lines and consuming storage space. Therefore, it is important to develop high accuracy spam detection models to effectively block spam messages, so as to optimize resources and protect users. Various word-embedding techniques such as Bag of Words (BOW), N-grams, TF-IDF, Word2Vec and Doc2Vec have been widely applied to NLP problems, however a comparative study of these techniques for SMS spam detection is currently lacking. Hence, in this paper, we provide a comparative analysis of these popular word embedding techniques for SMS spam detection by evaluating their performance on a publicly available ham and spam dataset. We investigate the performance of the word embedding techniques using 5 different machine learning classifiers i.e. Multinomial Naive Bayes (MNB), KNN, SVM, Random Forest and Extra Trees. Based on the dataset employed in the study, N-gram, BOW and TF-IDF with oversampling recorded the highest F1 scores of 0.99 for ham and 0.94 for spam.

Item Open Access
Continuous implicit authentication for mobile devices based on adaptive neuro-fuzzy inference system (IEEE, 2017-10-19)
Sezer, Sakir; Yao, F.; Yerima, Suleiman; Kang, B.
As mobile devices have become indispensable in modern life, mobile security is becoming much more important.
Traditional password or PIN-like point-of-entry security measures score low on usability and are vulnerable to brute force and other types of attacks. In order to improve mobile security, an adaptive neuro-fuzzy inference system (ANFIS)-based implicit authentication system is proposed in this paper to provide authentication in a continuous and transparent manner. To illustrate the applicability and capability of ANFIS in our implicit authentication system, experiments were conducted on behavioural data collected for up to 12 weeks from different Android users. The ability of the ANFIS-based system to detect an adversary is also tested with scenarios involving an attacker with varying levels of knowledge. The results demonstrate that ANFIS is a feasible and efficient approach for implicit authentication with an average of 95% user recognition rate. Moreover, the use of ANFIS-based system for implicit authentication significantly reduces manual tuning and configuration tasks due to its self-learning capability.

Item Open Access
Deep android malware detection (ACM, 2017-03)
McLaughlin, Niall; Martinez del Rincon, Jesus; Kang, BooJoong; Yerima, Suleiman; Miller, Paul; Sezer, Sakir; Safaei, Yeganeh; Trickel, Erik; Zhao, Ziming; Doupe, Adam; Gail Joon Ahn
In this paper, we propose a novel android malware detection system that uses a deep convolutional neural network (CNN). Malware classification is performed based on static analysis of the raw opcode sequence from a disassembled program. Features indicative of malware are automatically learned by the network from the raw opcode sequence thus removing the need for hand-engineered malware features. The training pipeline of our proposed system is much simpler than existing n-gram based malware detection methods, as the network is trained end-to-end to jointly learn appropriate features and to perform classification, thus removing the need to explicitly enumerate millions of n-grams during training.
The network design also allows the use of long n-gram like features, not computationally feasible with existing methods. Once trained, the network can be efficiently executed on a GPU, allowing a very large number of files to be scanned quickly.

Item Open Access
A Deep Learning Approach for Classifying Vulnerability Descriptions Using Self Attention Based Neural Network (Springer, 2021-10-08)
Vishnu, P. R.; Vinod, P.; Yerima, Suleiman
Cyber threat intelligence (CTI) refers to essential knowledge used by organizations to prevent or mitigate against cyber attacks. Vulnerability databases such as CVE and NVD are crucial to cyber threat intelligence, but also provide information leveraged in hundreds of security products worldwide. However, previous studies have shown that these vulnerability databases sometimes contain errors and inconsistencies which have to be manually checked by security professionals. Such inconsistencies could threaten the integrity of security products and hamper attack mitigation efforts. Hence, to assist the security community with more accurate and time-saving validation of vulnerability data, we propose an automated vulnerability classification system based on deep learning. Our proposed system utilizes a self-attention deep neural network (SA-DNN) model and text mining approach to identify the vulnerability category from the description text contained within a report. The performance of the SA-DNN-based vulnerability classification system is evaluated using 134,091 vulnerability reports from the CVE details website. The experiments performed demonstrate the effectiveness of our approach, and show that the SA-DNN model outperforms SVM and other deep learning methods i.e.
CNN-LSTM and graph convolutional neural networks.

Item Open Access
A Deep Learning based Approach to Android Botnet Detection using Transfer Learning (IEEE, 2022-12-04)
Mohammed, Abdul Sami; Seher, Sumayyah; Yerima, Suleiman; Bashar, Abul
The ever-increasing use of mobile phones running the Android OS has created security threats of data breach and botnet-based remote control. To address these challenges, numerous countermeasures have been proposed in the domain of image-based Android Malware Detection (AMD) applying Deep Learning (DL) approaches. This paper proposes, implements and evaluates a solution based on pre-trained CNN models using Transfer Learning feature to identify botnets from the ISCX Android Botnet 2015 dataset. More specifically, we study the performance of 6 prominent pre-trained CNN models namely, MobileNetV2, ResNet101, VGG16, VGG19, InceptionResNetV2 and DenseNet121, in terms of training accuracies, computation time complexity and testing accuracies. The maximum classification accuracy obtained was 91% for Manifest dataset using the MobileNetV2 model. Also, in terms of computational complexity the MobileNetV2 yielded the lowest training time of 16 ms per sample and testing time of 0.9 ms per sample. In order to improve the testing accuracies we plan to further augment these pre-trained models with larger datasets or fine-tune the model parameters for enhanced performance.

Item Open Access
Deep Learning Techniques for Android Botnet Detection (MDPI, 2021-02-23)
Yerima, Suleiman; Alzaylaee, Mohammed Kadir; Shajan, Annette; P, Vinod
Android is increasingly being targeted by malware since it has become the most popular mobile operating system worldwide. Evasive malware families, such as Chamois, designed to turn Android devices into bots that form part of a larger botnet are becoming prevalent. This calls for more effective methods for detection of Android botnets.
Recently, deep learning has gained attention as a machine learning based approach to enhance Android botnet detection. However, studies that extensively investigate the efficacy of various deep learning models for Android botnet detection are currently lacking. Hence, in this paper we present a comparative study of deep learning techniques for Android botnet detection using 6802 Android applications consisting of 1929 botnet applications from the ISCX botnet dataset. We evaluate the performance of several deep learning techniques including: CNN, DNN, LSTM, GRU, CNN-LSTM, and CNN-GRU models using 342 static features derived from the applications. In our experiments, the deep learning models achieved state-of-the-art results based on the ISCX botnet dataset and also outperformed the classical machine learning classifiers.

Item Open Access
A deep learning-enhanced botnet detection system based on Android manifest text mining (IEEE, 2022-06-06)
Yerima, Suleiman; To, YiMin
Android botnets remain a significant threat to mobile and IoT systems and networks as they continue to infect millions of devices worldwide. Therefore, there is a need to develop more effective solutions to tackle their spread. Hence, in this paper we propose a system for detecting Android botnets through automated text mining of the manifest files obtained from apps. The proposed method utilizes NLP techniques to extract features from the manifest files and a deep learning-based classification model is used to detect botnet applications. The classification model is implemented using CNN and a traditional machine learning classifier such as SVM, Random Forest or KNN. We performed experiments to evaluate the proposed system with 3858 Android applications consisting of 1929 botnet and 1929 benign samples.
The results showed the best overall performance with the CNN-SVM hybrid model which had an average accuracy of 96.9% thus outperforming the singular machine learning classifiers.

Item Open Access
Design and implementation of a measurement-based policy-driven resource management framework for converged networks (2011-06)
Yerima, Suleiman; Parr, G.; McClean, S.; Morrow, P.; Sivalingam, K.
This paper presents the design and implementation of a measurement-based QoS and resource management framework, CNQF (Converged Networks’ QoS Management Framework). CNQF is designed to provide unified, scalable QoS control and resource management through the use of a policy-based network management paradigm. It achieves this via distributed functional entities that are deployed to co-ordinate the resources of the transport network through centralized policy-driven decisions supported by measurement-based control architecture. We present the CNQF architecture, implementation of the prototype and validation of various inbuilt QoS control mechanisms using real traffic flows on a Linux-based experimental test bed.

Item Open Access
Detection of Tor traffic using deep learning (ACS/IEEE, 2020-11-05)
Sarkar, Debmalya; P., Vinod; Yerima, Suleiman
Tor, originally known as The Onion Router, is a free software that allows users to communicate anonymously on the Internet. This makes Tor attractive to cyber criminals, and the anonymity provided can be misused by hackers to enable remote control of victim systems. Indeed, a large volume of Tor traffic is used for malicious purposes such as fast port scans, hacking attempts, ex-filtration of stolen credentials, etc. This makes Tor traffic detection an important component of intrusion detection and prevention systems. Hence, in this paper we present a deep neural network (DNN) based system for the detection and classification of encrypted Tor traffic.
The system achieved 99.89% accuracy in the classification of Tor and non-Tor traffic on the UNB-CIC Tor network dataset. Experiments conducted for classifying Tor traffic types demonstrated an accuracy of 95.6%, which is 6.2% higher than previous work on the same dataset. Additionally, the robustness of the proposed DNN classifier is evaluated using adversarial samples generated from a Generative Adversarial Network (GAN). We observed that 100% of the adversarial examples were unidentified by the DNN classifiers. Further retraining of the DNN classifiers with adversarial examples eventually improved their robustness against the adversarial attack.

Item Open Access
DL-Droid: Deep learning based android malware detection using real devices (Elsevier, 2019-11-12)
Alzaylaee, Mohammed K.; Yerima, Suleiman; Sezer, Sakir
The Android operating system has been the most popular for smartphones and tablets since 2012. This popularity has led to a rapid rise of Android malware in recent years. The sophistication of Android malware obfuscation and detection avoidance methods has significantly improved, making many traditional malware detection methods obsolete. In this paper, we propose DL-Droid, a deep learning system to detect malicious Android applications through dynamic analysis using stateful input generation. Experiments performed with over 30,000 applications (benign and malware) on real devices are presented. Furthermore, experiments were also conducted to compare the detection performance and code coverage of the stateful input generation method with the commonly used stateless approach using the deep learning system. Our study reveals that DL-Droid can achieve up to 97.8% detection rate (with dynamic features only) and 99.6% detection rate (with dynamic + static features) respectively which outperforms traditional machine learning techniques.
Furthermore, the results highlight the significance of enhanced input generation for dynamic analysis as DL-Droid with the state-based input generation is shown to outperform the existing state-of-the-art approaches.

Item Open Access
DroidFusion: A Novel Multilevel Classifier Fusion Approach for Android Malware Detection (IEEE, 2018-01-03)
Yerima, Suleiman; Sezer, Sakir
Android malware has continued to grow in volume and complexity posing significant threats to the security of mobile devices and the services they enable. This has prompted increasing interest in employing machine learning to improve Android malware detection. In this paper, we present a novel classifier fusion approach based on a multilevel architecture that enables effective combination of machine learning algorithms for improved accuracy. The framework (called DroidFusion), generates a model by training base classifiers at a lower level and then applies a set of ranking-based algorithms on their predictive accuracies at the higher level in order to derive a final classifier. The induced multilevel DroidFusion model can then be utilized as an improved accuracy predictor for Android malware detection. We present experimental results on four separate datasets to demonstrate the effectiveness of our proposed approach. Furthermore, we demonstrate that the DroidFusion method can also effectively enable the fusion of ensemble learning algorithms for improved accuracy.
Finally, we show that the prediction accuracy of DroidFusion, despite only utilizing a computational approach in the higher level, can outperform stacked generalization, a well-known classifier fusion method that employs a meta-classifier approach in its higher level.

Item Open Access
Dynalog: An Automated Dynamic Analysis Framework for Characterizing Android Applications (IEEE, 2016-06)
Alzaylaee, M.K.; Yerima, Suleiman; Sezer, Sakir
Android is becoming ubiquitous and currently has the largest share of the mobile OS market with billions of application downloads from the official app market. It has also become the platform most targeted by mobile malware that are becoming more sophisticated to evade state-of-the-art detection approaches. Many Android malware families employ obfuscation techniques in order to avoid detection and this may defeat static analysis based approaches. Dynamic analysis on the other hand may be used to overcome this limitation. Hence in this paper we propose DynaLog, a dynamic analysis based framework for characterizing Android applications. The framework provides the capability to analyse the behaviour of applications based on an extensive number of dynamic features. It provides an automated platform for mass analysis and characterization of apps that is useful for quickly identifying and isolating malicious applications. The DynaLog framework leverages existing open source tools to extract and log high level behaviours, API calls, and critical events that can be used to explore the characteristics of an application, thus providing an extensible dynamic analysis platform for detecting Android malware.
DynaLog is evaluated using real malware samples and clean applications demonstrating its capabilities for effective analysis and detection of malicious applications.

Item Open Access
Dynamic Buffer Management for Multimedia QoS in Beyond 3G Wireless Networks (IAENG, 2009-11-19)
Yerima, Suleiman; Al-Begain, K.
This paper investigates a dynamic buffer management scheme for QoS control of multimedia services in beyond 3G wireless systems. The scheme is studied in the context of the state-of-the-art 3.5G system i.e. the High Speed Downlink Packet Access (HSDPA) which enhances 3G UMTS to support high-speed packet switched services. Unlike earlier systems, UMTS-evolved systems from HSDPA and beyond incorporate mechanisms such as packet scheduling and HARQ in the base station necessitating data buffering at the air interface. This introduces a potential bottleneck to end-to-end communication. Hence, buffer management at the air interface is crucial for end-to-end QoS support of multimedia services with multiplexed parallel diverse flows such as video and data in the same end-user session. The dynamic buffer management scheme for HSDPA multimedia sessions with aggregated real-time and non real-time flows is investigated via extensive HSDPA simulations. The impact of the scheme on end-to-end traffic performance is evaluated with an example multimedia session comprising a real-time streaming flow concurrent with TCP-based non real-time flow. Results demonstrate that the scheme can guarantee the end-to-end QoS of the real-time streaming flow, whilst simultaneously protecting the non real-time flow from starvation resulting in improved end-to-end throughput performance.