| 1. |
- Hussain, Syed Asad, et al.
(author)
-
Multilevel classification of security concerns in cloud computing
- 2017
-
In: Applied Computing and Informatics. - : Elsevier B.V.. - 2210-8327. ; 13:1, s. 57-65
-
Journal article (peer-reviewed)abstract
- Threats jeopardize some basic security requirements in a cloud. These threats generally constitute privacy breach, data leakage and unauthorized data access at different cloud layers. This paper presents a novel multilevel classification model of different security attacks across different cloud services at each layer. It also identifies attack types and risk levels associated with different cloud services at these layers. The risks are ranked as low, medium and high. The intensity of these risk levels depends upon the position of cloud layers. The attacks get more severe for lower layers where infrastructure and platform are involved. The intensity of these risk levels is also associated with security requirements of data encryption, multi-tenancy, data privacy, authentication and authorization for different cloud services. The multilevel classification model leads to the provision of dynamic security contract for each cloud layer that dynamically decides about security requirements for cloud consumer and provider. © 2016 King Saud University
|
|
| 2. |
- Shahid, Muhammad, et al.
(author)
-
Selection of a Graduate Thesis Topic in a Multicultural Educational Environment
- 2013
-
Conference paper (peer-reviewed)abstract
- This article presents a case study, performed at Blekinge Institute of Technology (BTH), Sweden, about the topic selection routines for a graduate thesis. The study focuses on the international graduate students who are having different academic cultures of their respective countries. Given that BTH has succeeded in the provision of an academic environment that has been efficient in absorbing different academic cultures in a productive manner at a reasonably good scale. However, in a multi-cultural educational environment, it is a challenge for most international students to adapt to the new academic culture and select the graduate thesis topic according to their real potential. Our findings gathered through an online survey, questionnaire, and focus group discussion is presented. The conclusions indicate, albeit, BTH has well defined routines for the thesis selection, the international graduate students face problems at the stage of thesis selection. The article concludes with suggestions to refine the thesis selection process at the micro level to help both students and staff.
|
|
| 3. |
|
|
| 4. |
- Shahzad, Raja Khurram, et al.
(author)
-
Accurate Adware Detection using Opcode Sequence Extraction
- 2011
-
Conference paper (peer-reviewed)abstract
- Adware represents a possible threat to the security and privacy of computer users. Traditional signature-based and heuristic-based methods have not been proven to be successful at detecting this type of software. This paper presents an adware detection approach based on the application of data mining on disassembled code. The main contributions of the paper is a large publicly available adware data set, an accurate adware detection algorithm, and an extensive empirical evaluation of several candidate machine learning techniques that can be used in conjunction with the algorithm. We have extracted sequences of opcodes from adware and benign software and we have then applied feature selection, using different configurations, to obtain 63 data sets. Six data mining algorithms have been evaluated on these data sets in order to find an efficient and accurate detector. Our experimental results show that the proposed approach can be used to accurately detect both novel and known adware instances even though the binary difference between adware and legitimate software is usually small.
|
|
| 5. |
- Shahzad, Raja Khurram
(author)
-
Android malware detection using feature fusion and artificial data
- 2018
-
In: 16th IEEE International Conference on Dependable, Autonomic and Secure Computing, IEEE 16th International Conference on Pervasive Intelligence and Computing, IEEE 4th International Conference on Big Data Intelligence and Computing and IEEE 3rd Cyber Science and Technology Congress, DASC-PICom-DataCom-CyberSciTec. - : Institute of Electrical and Electronics Engineers (IEEE). - 9781538675182 ; , s. 702-709
-
Conference paper (peer-reviewed)abstract
- For the Android malware detection / classification anti-malware community has relied on traditional malware detection methods as a countermeasure. However, traditional detection methods are developed for detecting the computer malware, which is different from Android malware in structure and characteristics. Thus, they may not be useful for Android malware detection. Moreover, majority of suggested detection approaches may not be generalized and are incapable of detecting zero-day malware due to different reasons such as available data set with specific set of examples. Thus, their detection accuracy may be questionable. To address this problem, this paper presents a malware classification approach with a reliable detection accuracy and evaluate the approach using artificially generated examples. The suggested approach generates the signature profiles and behavior profiles of each application in the data set, which are further used as input for the classification task. For improving the detection accuracy, feature fusion of features from filter methods and wrapper method and algorithm fusion is investigated. Without affecting the detection accuracy, the optimal balance between real world examples and synthetic examples is also investigated. The experimental results suggest that both AUC and F1 can be obtained up to 0.94 for both known and unknown malware using original examples and synthetic examples.
|
|
| 6. |
- Shahzad, Raja Khurram, et al.
(author)
-
Comparative Analysis of Voting Schemes for Ensemble-based Malware Detection
- 2013
-
In: Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications. - : Innovative Information Science & Technology Research Group. - 2093-5374 .- 2093-5382. ; 4:1, s. 98-117
-
Journal article (peer-reviewed)abstract
- Malicious software (malware) represents a threat to the security and the privacy of computer users. Traditional signature-based and heuristic-based methods are inadequate for detecting some forms of malware. This paper presents a malware detection method based on supervised learning. The main contributions of the paper are two ensemble learning algorithms, two pre-processing techniques, and an empirical evaluation of the proposed algorithms. Sequences of operational codes are extracted as features from malware and benign files. These sequences are used to create three different data sets with different configurations. A set of learning algorithms is evaluated on the data sets. The predictions from the learning algorithms are combined by an ensemble algorithm. The predicted outcome of the ensemble algorithm is decided on the basis of voting. The experimental results show that the veto approach can accurately detect both novel and known malware instances with the higher recall in comparison to majority voting, however, the precision of the veto voting is lower than the majority voting. The veto voting is further extended as trust-based veto voting. A comparison of the majority voting, the veto voting, and the trust-based veto voting is performed. The experimental results indicate the suitability of each voting scheme for detecting a particular class of software. The experimental results for the composite F1-measure indicate that the majority voting is slightly better than the trusted veto voting while the trusted veto is significantly better than the veto classifier.
|
|
| 7. |
- Shahzad, Raja Khurram, et al.
(author)
-
Consensus decision making in random forests
- 2015
-
In: Revised Selected Papers of the First International Workshop on Machine Learning, Optimization, and Big Data. - Cham : Springer International Publishing. ; , s. 347-358
-
Conference paper (peer-reviewed)abstract
- The applications of Random Forests, an ensemble learner, are investigated in different domains including malware classification. Random Forests uses the majority rule for the outcome, however, a decision from the majority rule faces different challenges such as the decision may not be representative or supported by all trees in Random Forests. To address such problems and increase accuracy in decisions, a consensus decision making (CDM) is suggested. The decision mechanism of Random Forests is replaced with the CDM. The updated Random Forests algorithm is evaluated mainly on malware data sets, and results are compared with unmodified Random Forests. The empirical results suggest that the proposed Random Forests, i.e., with CDM performs better than the original Random Forests.
|
|
| 8. |
- Shahzad, Raja Khurram, et al.
(author)
-
Detecting Scareware by Mining Variable Length Instruction Sequences
- 2011
-
Conference paper (peer-reviewed)abstract
- Scareware is a recent type of malicious software that may pose financial and privacy-related threats to novice users. Traditional countermeasures, such as anti-virus software, require regular updates and often lack the capability of detecting novel (unseen) instances. This paper presents a scareware detection method that is based on the application of machine learning algorithms to learn patterns in extracted variable length opcode sequences derived from instruction sequences of binary files. The patterns are then used to classify software as legitimate or scareware but they may also reveal interpretable behavior that is unique to either type of software. We have obtained a large number of real world scareware applications and designed a data set with 550 scareware instances and 250 benign instances. The experimental results show that several common data mining algorithms are able to generate accurate models from the data set. The Random Forest algorithm is shown to outperform the other algorithms in the experiment. Essentially, our study shows that, even though the differences between scareware and legitimate software are subtler than between, say, viruses and legitimate software, the same type of machine learning approach can be used in both of these dissimilar cases.
|
|
| 9. |
- Shahzad, Raja Khurram, et al.
(author)
-
Detection of Spyware by Mining Executable Files
- 2010
-
Conference paper (peer-reviewed)abstract
- Spyware represents a serious threat to confidentiality since it may result in loss of control over private data for computer users. This type of software might collect the data and send it to a third party without informed user consent. Traditionally two approaches have been presented for the purpose of spyware detection: Signature-based Detection and Heuristic-based Detection. These approaches perform well against known Spyware but have not been proven to be successful at detecting new spyware. This paper presents a Spyware detection approach by using Data Mining (DM) technologies. Our approach is inspired by DM-based malicious code detectors, which are known to work well for detecting viruses and similar software. However, this type of detector has not been investigated in terms of how well it is able to detect spyware. We extract binary features, called n-grams, from both spyware and legitimate software and apply five different supervised learning algorithms to train classifiers that are able to classify unknown binaries by analyzing extracted n-grams. The experimental results suggest that our method is successful even when the training data is scarce.
|
|
| 10. |
- Shahzad, Raja Khurram, et al.
(author)
-
Extended Abstract : Detecting Scareware by Mining Variable Length Instruction Sequences
- 2011
-
Conference paper (peer-reviewed)abstract
- This paper presents a scareware detection method that is based on performing data mining on extracted variable length opcode sequences derived from instruction sequences of binary files. Our experimental results show that many common supervised learning algorithms generate accurate models from subsets of our data set.
|
|
| 11. |
- Shahzad, Raja Khurram, et al.
(author)
-
FAMS : A Formative Assessment Management System for Generating Individualised Feedback
- 2023
-
In: Responsive and Sustainable Educational Futures. - : Springer. - 9783031426827 ; , s. 642-647
-
Conference paper (peer-reviewed)abstract
- Virtual learning environments offer new possibilities for technology enhanced teaching and learning, but providing rapid, individualised feedback for complex assignments in large student groups remains challenging. This paper presents a Formative Assessment Management System (FAMS), a computer-based tool for teachers to generate written feedback at scale with minimal overhead. FAMS leverages archived feedback fragments and thematic identifiers to create pertinent feedback while consistently maintaining quality and fairness. The system has been implemented in programming courses and yielded promising results, including reduced feedback delivery time and maintained feedback quality. Future research will evaluate FAMS from student and teacher perspectives, conforming to educational action research, continuous quality improvements, and investigating correlations between aspect-based assessment and learning outcomes.
|
|
| 12. |
- Shahzad, Raja Khurram, et al.
(author)
-
Veto-based Malware Detection
- 2012
-
Conference paper (peer-reviewed)abstract
- Malicious software (malware) represents a threat to the security and privacy of computer users. Traditional signature-based and heuristic-based methods are unsuccessful in detecting some forms of malware. This paper presents a malware detection approach based on supervised learning. The main contributions of the paper are an ensemble learning algorithm, two pre-processing techniques, and an empirical evaluation of the proposed algorithm. Sequences of operational codes are extracted as features from malware and benign files. These sequences are used to produce three different data sets with different configurations. A set of learning algorithms is evaluated on the data sets and the predictions are combined by the ensemble algorithm. The predicted output is decided on the basis of veto voting. The experimental results show that the approach can accurately detect both novel and known malware instances with higher recall in comparison to majority voting.
|
|
| 13. |
- Shahzad, Raja Muhammad Khurram
(author)
-
Automated Malware Detection and Classification Using Supervised Learning
- 2024
-
Doctoral thesis (other academic/artistic)abstract
- Malware has been one of the key concerns for Information Technology security researchers for decades. Every year, anti-malware companies release alarming statistics suggesting a continuous increase in the number and types of malware. This is mainly due to the constant development of new and more sophisticated malicious functionalities, propagation vectors, and infection tactics for malware. To combat this ever-evolving threat, anti-malware companies analyze thousands of malicious samples on a daily basis, either manually or through semi-automated means, to identify their type (whether it's a variant or zero-day) and family. After the analysis, signature databases or rule databases of anti-malware products are updated in order to detect known malware. However, due to the ever-growing capabilities of malware, the malware analysis process is challenging and requires significant human effort. As a result, researchers are focusing on data-driven approaches based on machine learning to develop intelligent malware detectors with high accuracy. Specifically, they are focused on extracting static features from malware in the form of n-grams for experimental purposes. However, the previous research is inconclusive in terms of optimal feature representation and detection accuracy.The primary objective of this thesis is to present state-of-the-art automated techniques for detecting and classifying malware using supervised learning algorithms. In particular, the focus is on two critical aspects of supervised learning-based malware detection: optimal feature representation and improved detection accuracy. Malware detection can be accomplished using two methods: static analysis, which extracts patterns without executing malware, and dynamic analysis, which captures behaviors through executing malware. This thesis focuses on static analysis instead of dynamic analysis because static analysis requires fewer computing resources. An additional benefit of static analysis is that present-day malware cannot evade it. To achieve the goals of this thesis, two new feature representations for static analysis are proposed. Furthermore, three customized ensembles are introduced to enhance malware detection accuracy, and their feasibility is experimentally demonstrated. The experiments incorporate customized malware data sets including Spyware, Adware, Scareware, and Android malware samples, and public malware data sets from Microsoft's having samples from nine distinct malware families. Artificially generated data sets are employed to mitigate class imbalance issues and represent inter-family and intra-family examples. Reverse engineering is performed to transform the data sets as feature data sets using both byte code and assembly language instructions. Further, existing and new feature representations along with various feature selection algorithms and feature fusion techniques are explored. To enhance detection accuracy, different decision theories from social choice theory, such as veto and consensus, are integrated into customized ensembles. The experimental results indicate that the proposed methods are capable of detecting known and zero-day malware. The proposed ensembles are also tested on the UCI public data sets, such as Forest CoverType, and the results demonstrate their effectiveness in classification. Further, these methods are designed to be portable and adaptable to different operating systems, and they can also be scaled for multi-class malware detection.
|
|
| 14. |
- Shahzad, Raja Muhammad Khurram
(author)
-
Classification of Potentially Unwanted Programs Using Supervised Learning
- 2013
-
Licentiate thesis (other academic/artistic)abstract
- Malicious software authors have shifted their focus from illegal and clearly malicious software to potentially unwanted programs (PUPs) to earn revenue. PUPs blur the border between legitimate and illegitimate programs and thus fall into a grey zone. Existing anti-virus and anti-spyware software are in many instances unable to detect previously unseen or zero-day attacks and separate PUPs from legitimate software. Many tools also require frequent updates to be effective. By predicting the class of particular piece of software, users can get support before taking the decision to install the software. This Licentiate thesis introduces approaches to distinguish PUP from legitimate software based on the supervised learning of file features represented as n-grams. The overall research method applied in this thesis is experiments. For these experiments, malicious software applications were obtained from anti-malware industrial partners. The legitimate software applications were collected from various online repositories. The general steps of supervised learning, from data preparation (n-gram generation) to evaluation were, followed. Different data representations, such as byte codes and operation codes, with different configurations, such as fixed-size, variable-length, and overlap, were investigated to generate different n-gram sizes. The experimental variables were controlled to measure the correlation between n-gram size, the number of features required for optimal training, and classifier performance. The thesis results suggest that, despite the subtle difference between legitimate software and PUP, this type of software can be classified accurately with a low false positive and false negative rate. The thesis results further suggest an optimal size of operation code-based n-grams for data representation. Finally, the results indicate that classification accuracy can be increased by using a customized ensemble learner that makes use of multiple representations of the data set. The investigated approaches can be implemented as a software tool with a less frequently required update in comparison to existing commercial tools.
|
|
| 15. |
- Shao, Borong, et al.
(author)
-
A mixture-of-experts approach for gene regulatory network inference
- 2016
-
In: International Journal of Data Mining and Bioinformatics. - : InderScience Publishers. - 1748-5673 .- 1748-5681. ; 14:3, s. 258-275
-
Journal article (peer-reviewed)abstract
- Gene regulatory network (GRN) inference is an important problem in bioinformatics. Many machine learning methods have been applied to increase the inference accuracy. Ensemble learning methods are shown in DREAM3 and DREAM5 challenges to yield a higher inference accuracy than individual algorithms. However, no ensemble method has been proposed to take advantage of the complementarity among existing algorithms from the perspective of network motifs. We propose an ensemble method based on the principle of Mixture-of-Experts ensemble learning. The method can quantitatively evaluate the accuracy of individual algorithms on predicting each type of the network motifs and assign weights to the algorithms accordingly. The individual predictions are then used to generate the ensemble prediction. By performing controlled experiments and statistical tests, the proposed ensemble method is shown to yield a significantly higher accuracy than the generic average ranking method used in the DREAM5 challenge. In addition, a new type of network motif is found in GRN, the inclusion of which can increase the accuracy of the proposed method significantly.
|
|
