-
A Federated Learning Approach for Multi-stage Threat Analysis in Advanced Persistent Threat Campaigns
Authors:
Florian Nelles,
Abbas Yazdinejad,
Ali Dehghantanha,
Reza M. Parizi,
Gautam Srivastava
Abstract:
Multi-stage threats like advanced persistent threats (APT) pose severe risks by stealing data and destroying infrastructure, with detection being challenging. APTs use novel attack vectors and evade signature-based detection by obfuscating their network presence, often going unnoticed due to their novelty. Although machine learning models offer high accuracy, they still struggle to identify true APT behavior, overwhelming analysts with excessive data. Effective detection requires training on multiple datasets from various clients, which introduces privacy issues under regulations like GDPR. To address these challenges, this paper proposes a novel 3-phase unsupervised federated learning (FL) framework to detect APTs. It identifies unique log event types, extracts suspicious patterns from related log events, and orders them by complexity and frequency. The framework ensures privacy through a federated approach and enhances security using Paillier's partial homomorphic encryption. Tested on the SoTM 34 dataset, our framework compares favorably against traditional methods, demonstrating efficient pattern extraction and analysis from log files, reducing analyst workload, and maintaining stringent data privacy. This approach addresses significant gaps in current methodologies, offering a robust solution to APT detection in compliance with privacy laws.
Submitted 18 June, 2024;
originally announced June 2024.
-
Uncovering Promises and Challenges of Federated Learning to Detect Cardiovascular Diseases: A Scoping Literature Review
Authors:
Sricharan Donkada,
Seyedamin Pouriyeh,
Reza M. Parizi,
Meng Han,
Nasrin Dehbozorgi,
Nazmus Sakib,
Quan Z. Sheng
Abstract:
Cardiovascular diseases (CVD) are the leading cause of death globally, and early detection can significantly improve outcomes for patients. Machine learning (ML) models can help diagnose CVDs early, but their performance is limited by the data available for model training. Privacy concerns in healthcare make it harder to acquire data to train accurate ML models. Federated learning (FL) is an emerging approach to machine learning that allows models to be trained on data from multiple sources without compromising the privacy of the individual data owners. This survey paper provides an overview of the current state-of-the-art in FL for CVD detection. We review the different FL models proposed in various papers and discuss their advantages and challenges. We also compare FL with traditional centralized learning approaches and highlight the differences in terms of model accuracy, privacy, and data distribution handling capacity. Finally, we provide a critical analysis of FL's current challenges and limitations for CVD detection and discuss potential avenues for future research. Overall, this survey paper aims to provide a comprehensive overview of the current state-of-the-art in FL for CVD detection and to highlight its potential for improving the accuracy and privacy of CVD detection models.
Submitted 25 August, 2023;
originally announced August 2023.
-
AI in Software Engineering: A Survey on Project Management Applications
Authors:
Talia Crawford,
Scott Duong,
Richard Fueston,
Ayorinde Lawani,
Samuel Owoade,
Abel Uzoka,
Reza M. Parizi,
Abbas Yazdinejad
Abstract:
Artificial Intelligence (AI) refers to the intelligence demonstrated by machines, and within the realm of AI, Machine Learning (ML) stands as a notable subset. ML employs algorithms that undergo training on data sets, enabling them to carry out specific tasks autonomously. Notably, AI holds immense potential in the field of software engineering, particularly in project management and planning. In this literature survey, we explore the use of AI in Software Engineering and summarize previous works in this area. We first review eleven different publications related to this subject, then compare the surveyed works. We then comment on the possible challenges present in the utilization of AI in software engineering and suggest possible further research avenues and the ways in which AI could evolve with software engineering in the future.
Submitted 27 July, 2023;
originally announced July 2023.
-
Privacy-Enhancing Technologies in Federated Learning for the Internet of Healthcare Things: A Survey
Authors:
Fatemeh Mosaiyebzadeh,
Seyedamin Pouriyeh,
Reza M. Parizi,
Quan Z. Sheng,
Meng Han,
Liang Zhao,
Giovanna Sannino,
Daniel Macêdo Batista
Abstract:
Advancements in wearable medical devices in IoT technology are shaping the modern healthcare system. With the emergence of the Internet of Healthcare Things (IoHT), we are witnessing how efficient healthcare services are provided to patients and how healthcare professionals are effectively using AI-based models to analyze the data collected from IoHT devices for the treatment of various diseases. To avoid privacy breaches, these data must be processed and analyzed in compliance with the legal rules and regulations such as HIPAA and GDPR. Federated learning is a machine learning-based approach that allows multiple entities to collaboratively train a ML model without sharing their data. This is particularly useful in the healthcare domain where data privacy and security are big concerns. Even though FL addresses some privacy concerns, there is still no formal proof of privacy guarantees for IoHT data. Privacy Enhancing Technologies (PETs) are a set of tools and techniques that are designed to enhance the privacy and security of online communications and data sharing. PETs provide a range of features that help protect users' personal information and sensitive data from unauthorized access and tracking. This paper reviews PETs in detail and comprehensively in relation to FL in the IoHT setting and identifies several key challenges for future research.
Submitted 25 March, 2023;
originally announced March 2023.
-
Blockchain Education: Current State, Limitations, Career Scope, Challenges, and Future Directions
Authors:
Rizwan Patan,
Reza M. Parizi,
Mohsen Dorodchi,
Seyedamin Pouriyeh,
Audrey Rorrer
Abstract:
Blockchain is a revolutionary technology, and its growth started in various industries (such as IT, education, business, banking, and many others) to capitalize on it. Currently, in higher education institutions (HEIs) adoption of blockchain education needs to be improved in the academic programs and curriculums. In addition, HEIs must make many intense changes in the teaching and learning methods to educate learners about blockchain technology and its applications to meet the current industry workforce demand. Due to a lack of academic programs and courses, students nowadays rely on online resources and pay non-academic organizations a high fee. This paper provides a comprehensive survey of blockchain education's current state of the art by reviewing the different academic programs and industry workforce demand. In addition, blockchain application trends which include market growth and demands are discussed. Moreover, the blockchain career scope for different disciplines of students is examined.
Submitted 19 January, 2023;
originally announced January 2023.
-
Crypto Makes AI Evolve
Authors:
Behrouz Zolfaghari,
Elnaz Rabieinejad,
Abbas Yazdinejad,
Reza M. Parizi,
Ali Dehghantanha
Abstract:
Adopting cryptography has given rise to a significant evolution in Artificial Intelligence (AI). This paper studies the path and stages of this evolution. We start with reviewing existing relevant surveys, noting their shortcomings, especially the lack of a close look at the evolution process and solid future roadmap. These shortcomings justify the work of this paper. Next, we identify, define and discuss five consequent stages in the evolution path, including Crypto-Sensitive AI, Crypto-Adapted AI, Crypto-Friendly AI, Crypto-Enabled AI, Crypto-Protected AI. Then, we establish a future roadmap for further research in this area, focusing on the role of quantum-inspired and bio-inspired AI.
Submitted 25 June, 2022;
originally announced June 2022.
-
Block Hunter: Federated Learning for Cyber Threat Hunting in Blockchain-based IIoT Networks
Authors:
Abbas Yazdinejad,
Ali Dehghantanha,
Reza M. Parizi,
Mohammad Hammoudeh,
Hadis Karimipour,
Gautam Srivastava
Abstract:
Nowadays, blockchain-based technologies are being developed in various industries to improve data security. In the context of the Industrial Internet of Things (IIoT), a chain-based network is one of the most notable applications of blockchain technology. IIoT devices have become increasingly prevalent in our digital world, especially in support of developing smart factories. Although blockchain is a powerful tool, it is vulnerable to cyber attacks. Detecting anomalies in blockchain-based IIoT networks in smart factories is crucial in protecting networks and systems from unexpected attacks. In this paper, we use Federated Learning (FL) to build a threat hunting framework called Block Hunter to automatically hunt for attacks in blockchain-based IIoT networks. Block Hunter utilizes a cluster-based architecture for anomaly detection combined with several machine learning models in a federated environment. To the best of our knowledge, Block Hunter is the first federated threat hunting model in IIoT networks that identifies anomalous behavior while preserving privacy. Our results prove the efficiency of the Block Hunter in detecting anomalous activities with high accuracy and minimum required bandwidth.
Submitted 20 April, 2022;
originally announced April 2022.
-
Fairness in Federated Learning for Spatial-Temporal Applications
Authors:
Afra Mashhadi,
Alex Kyllo,
Reza M. Parizi
Abstract:
Federated learning involves training statistical models over remote devices such as mobile phones while keeping data localized. Training in heterogeneous and potentially massive networks introduces opportunities for privacy-preserving data analysis and diversifying these models to become more inclusive of the population. Federated learning can be viewed as a unique opportunity to bring fairness and parity to many existing models by enabling model training to happen on a diverse set of participants and on data that is generated regularly and dynamically. In this paper, we discuss the current metrics and approaches that are available to measure and evaluate fairness in the context of spatial-temporal models. We propose how these metrics and approaches can be re-defined to address the challenges that are faced in the federated learning setting.
Submitted 19 January, 2022; v1 submitted 17 January, 2022;
originally announced January 2022.
-
Communication Efficiency in Federated Learning: Achievements and Challenges
Authors:
Osama Shahid,
Seyedamin Pouriyeh,
Reza M. Parizi,
Quan Z. Sheng,
Gautam Srivastava,
Liang Zhao
Abstract:
Federated Learning (FL) is known to perform Machine Learning tasks in a distributed manner. Over the years, this has become an emerging technology, especially with various data protection and privacy policies being imposed; FL allows performing machine learning tasks whilst adhering to these challenges. As with the emergence of any new technology, there are going to be challenges and benefits. A challenge that exists in FL is the communication costs: as FL takes place in a distributed environment where devices connected over the network have to constantly share their updates, this can create a communication bottleneck. In this paper, we present a survey of the research that is performed to overcome the communication constraints in an FL setting.
Submitted 22 July, 2021;
originally announced July 2021.
-
A Survey of Machine Learning Techniques in Adversarial Image Forensics
Authors:
Ehsan Nowroozi,
Ali Dehghantanha,
Reza M. Parizi,
Kim-Kwang Raymond Choo
Abstract:
Image forensic plays a crucial role in both criminal investigations (e.g., dissemination of fake images to spread racial hate or false narratives about specific ethnicity groups) and civil litigation (e.g., defamation). Increasingly, machine learning approaches are also utilized in image forensics. However, there are also a number of limitations and vulnerabilities associated with machine learning-based approaches, for example how to detect adversarial (image) examples, with real-world consequences (e.g., inadmissible evidence, or wrongful conviction). Therefore, with a focus on image forensics, this paper surveys techniques that can be used to enhance the robustness of machine learning-based binary manipulation detectors in various adversarial scenarios.
Submitted 19 October, 2020;
originally announced October 2020.
-
Machine Learning Research Towards Combating COVID-19: Virus Detection, Spread Prevention, and Medical Assistance
Authors:
Osama Shahid,
Mohammad Nasajpour,
Seyedamin Pouriyeh,
Reza M. Parizi,
Meng Han,
Maria Valero,
Fangyu Li,
Mohammed Aledhari,
Quan Z. Sheng
Abstract:
COVID-19 was first discovered in December 2019 and has continued to rapidly spread across countries worldwide infecting thousands and millions of people. The virus is deadly, and people who are suffering from prior illnesses or are older than the age of 60 are at a higher risk of mortality. Medicine and Healthcare industries have surged towards finding a cure, and different policies have been amended to mitigate the spread of the virus. While Machine Learning (ML) methods have been widely used in other domains, there is now a high demand for ML-aided diagnosis systems for screening, tracking, and predicting the spread of COVID-19 and finding a cure against it. In this paper, we present a journey of what role ML has played so far in combating the virus, mainly looking at it from a screening, forecasting, and vaccine perspectives. We present a comprehensive survey of the ML algorithms and models that can be used on this expedition and aid with battling the virus.
Submitted 29 September, 2020;
originally announced October 2020.
-
A Federated Approach for Fine-Grained Classification of Fashion Apparel
Authors:
Tejaswini Mallavarapu,
Luke Cranfill,
Junggab Son,
Eun Hye Kim,
Reza M. Parizi,
John Morris
Abstract:
As online retail services proliferate and are pervasive in modern lives, applications for classifying fashion apparel features from image data are becoming more indispensable. Online retailers, from leading companies to start-ups, can leverage such applications in order to increase profit margin and enhance the consumer experience. Many notable schemes have been proposed to classify fashion items, however, the majority of which focused upon classifying basic-level categories, such as T-shirts, pants, skirts, shoes, bags, and so forth. In contrast to most prior efforts, this paper aims to enable an in-depth classification of fashion item attributes within the same category. Beginning with a single dress, we seek to classify the type of dress hem, the hem length, and the sleeve length. The proposed scheme is comprised of three major stages: (a) localization of a target item from an input image using semantic segmentation, (b) detection of human key points (e.g., point of shoulder) using a pre-trained CNN and a bounding box, and (c) three phases to classify the attributes using a combination of algorithmic approaches and deep neural networks. The experimental results demonstrate that the proposed scheme is highly effective, with all categories having average precision of above 93.02%, and outperforms existing Convolutional Neural Networks (CNNs)-based schemes.
Submitted 27 August, 2020;
originally announced August 2020.
-
On Security Measures for Containerized Applications Imaged with Docker
Authors:
Samuel P. Mullinix,
Erikton Konomi,
Renee Davis Townsend,
Reza M. Parizi
Abstract:
Linux containers have risen in popularity in the last few years, making their way to commercial IT service offerings (such as PaaS), application deployments, and Continuous Delivery/Integration pipelines within various development teams. Along with the wide adoption of Docker, security vulnerabilities and concerns have also surfaced. In this survey, we examine the state of security for the most popular container system at the moment: Docker. We will also look into its origins stemming from the Linux technologies built into the OS itself; examine intrinsic vulnerabilities, such as the Docker Image implementation; and provide an analysis of current tools and modern methodologies used in the field to evaluate and enhance its security. For each section, we pinpoint metrics of interest, as they have been revealed by researchers and experts in the domain and summarize their findings to paint a holistic picture of the efforts behind those findings. Lastly, we look at tools utilized in the industry to streamline Docker security scanning and analytics which provide built-in aggregation of key metrics.
Submitted 11 August, 2020;
originally announced August 2020.
-
Internet of Things for Current COVID-19 and Future Pandemics: An Exploratory Study
Authors:
Mohammad Nasajpour,
Seyedamin Pouriyeh,
Reza M. Parizi,
Mohsen Dorodchi,
Maria Valero,
Hamid R. Arabnia
Abstract:
In recent years, the Internet of Things (IoT) has drawn convincing research ground as a new research topic in a wide variety of academic and industrial disciplines, especially in healthcare. The IoT revolution is reshaping modern healthcare systems by incorporating technological, economic, and social prospects. It is evolving healthcare systems from conventional to more personalized healthcare systems through which patients can be diagnosed, treated, and monitored more easily. The current global challenge of the pandemic caused by the novel severe contagious respiratory syndrome coronavirus 2 presents the greatest global public health crisis since the pandemic influenza outbreak of 1918. At the time this paper was written, the number of diagnosed COVID-19 cases around the world had reached more than 31 million. Since the pandemic started, there has been a rapid effort in different research communities to exploit a wide variety of technologies to combat this worldwide threat, and IoT technology is one of the pioneers in this area. In the context of COVID-19, IoT-enabled/linked devices/applications are utilized to lower the possible spread of COVID-19 to others by early diagnosis, monitoring patients, and practicing defined protocols after patient recovery. This paper surveys the role of IoT-based technologies in COVID-19 and reviews the state-of-the-art architectures, platforms, applications, and industrial IoT-based solutions combating COVID-19 in three main phases, including early diagnosis, quarantine time, and after recovery.
Submitted 25 September, 2020; v1 submitted 21 July, 2020;
originally announced July 2020.
-
An Ensemble Deep Learning-based Cyber-Attack Detection in Industrial Control System
Authors:
Abdulrahman Al-Abassi,
Hadis Karimipour,
Ali Dehghantanha,
Reza M. Parizi
Abstract:
The integration of communication networks and the Internet of Things (IoT) in Industrial Control Systems (ICSs) increases their vulnerability towards cyber-attacks, causing devastating outcomes. Traditional Intrusion Detection Systems (IDSs), which are mainly developed to support Information Technology (IT) systems, count vastly on predefined models and are trained mostly on specific cyber-attacks. Besides, most IDSs do not consider the imbalanced nature of ICS datasets, thereby suffering from low accuracy and high false positive on real datasets. In this paper, we propose a deep representation learning model to construct new balanced representations of the imbalanced dataset. The new representations are fed into an ensemble deep learning attack detection model specifically designed for an ICS environment. The proposed attack detection model leverages Deep Neural Network (DNN) and Decision Tree (DT) classifiers to detect cyber-attacks from the new representations. The performance of the proposed model is evaluated based on 10-fold cross-validation on two real ICS datasets. The results show that the proposed method outperforms conventional classifiers, including Random Forest (RF), DNN, and AdaBoost, as well as recent existing models in the literature. The proposed approach is a generalized technique, which can be implemented in existing ICS infrastructures with minimum changes.
Submitted 2 May, 2020;
originally announced May 2020.
-
Security Aspects of Internet of Things aided Smart Grids: a Bibliometric Survey
Authors:
Jacob Sakhnini,
Hadis Karimipour,
Ali Dehghantanha,
Reza M. Parizi,
Gautam Srivastava
Abstract:
The integration of sensors and communication technology in power systems, known as the smart grid, is an emerging topic in science and technology. One of the critical issues in the smart grid is its increased vulnerability to cyber threats. As such, various types of threats and defense mechanisms are proposed in literature. This paper offers a bibliometric survey of research papers focused on the security aspects of Internet of Things (IoT) aided smart grids. To the best of the authors' knowledge, this is the very first bibliometric survey paper in this specific field. A bibliometric analysis of all journal articles is performed and the findings are sorted by dates, authorship, and key concepts. Furthermore, this paper also summarizes the types of cyber threats facing the smart grid, the various security mechanisms proposed in literature, as well as the research gaps in the field of smart grid security.
Submitted 2 May, 2020;
originally announced May 2020.
-
Blockchain Applications in Power Systems: A Bibliometric Analysis
Authors:
Hossein Mohammadi Rouzbahani,
Hadis Karimipour,
Ali Dehghantanha,
Reza M. Parizi
Abstract:
Power systems are growing rapidly, due to the ever-increasing demand for electrical power. These systems require novel methodologies and modern tools and technologies, to better perform, particularly for communication among different parts. Therefore, power systems are facing new challenges such as energy trading and marketing and cyber threats. Using blockchain in power systems, as a solution, is one of the newest methods. Most studies aim to investigate innovative approaches of blockchain application in power systems. Even though, many articles published to support the research activities, there has not been any bibliometric analysis which specifies the research trends. This paper aims to present a bibliographic analysis of the blockchain application in power systems related literature, in the Web of Science (WoS) database between January 2009 and July 2019. This paper discusses the research activities and performed a detailed analysis by looking at the number of articles published, citations, institutions, research areas, and authors. From the analysis, it was concluded that there are several significant impacts of research activities in China and the USA, in comparison to other countries.
Submitted 4 December, 2019;
originally announced December 2019.
-
Integrating Privacy Enhancing Techniques into Blockchains Using Sidechains
Authors:
Reza M. Parizi,
Sajad Homayoun,
Abbas Yazdinejad,
Ali Dehghantanha,
Kim-Kwang Raymond Choo
Abstract:
Blockchains are turning into decentralized computing platforms and are getting worldwide recognition for their unique advantages. There is an emerging trend beyond payments that blockchains could enable a new breed of decentralized applications, and serve as the foundation for Internet's security infrastructure. The immutable nature of the blockchain makes it a winner on security and transparency;…
▽ More
Blockchains are turning into decentralized computing platforms and are getting worldwide recognition for their unique advantages. There is an emerging trend beyond payments that blockchains could enable a new breed of decentralized applications, and serve as the foundation for Internet's security infrastructure. The immutable nature of the blockchain makes it a winner on security and transparency; it is nearly inconceivable for ledgers to be altered in a way not instantly clear to every single user involved. However, most blockchains fall short in privacy aspects, particularly in data protection. Garlic Routing and Onion Routing are two of major Privacy Enhancing Techniques (PETs) which are popular for anonymization and security. Garlic Routing is a methodology using by I2P Anonymous Network to hide the identity of sender and receiver of data packets by bundling multiple messages into a layered encryption structure. The Onion Routing attempts to provide lowlatency Internet-based connections that resist traffic analysis, deanonymization attack, eavesdrop**, and other attacks both by outsiders (e.g. Internet routers) and insiders (Onion Routing servers themselves). As there are a few controversies over the rate of resistance of these two techniques to privacy attacks, we propose a PET-Enabled Sidechain (PETES) as a new privacy enhancing technique by integrating Garlic Routing and Onion Routing into a Garlic Onion Routing (GOR) framework suitable to the structure of blockchains. The preliminary proposed GOR aims to improve the privacy of transactions in blockchains via PETES structure.
Submitted 12 June, 2019;
originally announced June 2019.
-
A Blockchain-based Framework for Detecting Malicious Mobile Applications in App Stores
Authors:
Sajad Homayoun,
Ali Dehghantanha,
Reza M. Parizi,
Kim-Kwang Raymond Choo
Abstract:
The dramatic growth in smartphone malware shows that malicious program developers are shifting from traditional PC systems to smartphone devices. Therefore, security researchers are also moving towards proposing novel antimalware methods to provide adequate protection. This paper proposes a Blockchain-Based Malware Detection Framework (B2MDF) for detecting malicious mobile applications in mobile applications marketplaces (app stores). The framework consists of two internal and external private blockchains forming a dual private blockchain as well as a consortium blockchain for the final decision. The internal private blockchain stores feature blocks extracted by both static and dynamic feature extractors, while the external blockchain stores detection results as blocks for current versions of applications. B2MDF also shares feature blocks with third parties, and this helps antimalware vendors to provide more accurate solutions.
Submitted 12 June, 2019;
originally announced June 2019.
-
Blockchain-enabled Authentication Handover with Efficient Privacy Protection in SDN-based 5G Networks
Authors:
Abbas Yazdinejad,
Reza M. Parizi,
Ali Dehghantanha,
Kim-Kwang Raymond Choo
Abstract:
5G mobile networks provide additional benefits in terms of lower latency, higher data rates, and more coverage, in comparison to 4G networks, and they are also coming close to standardization. For example, 5G has a new level of data transfer and processing speed that assures users are not disconnected when they move from one cell to another, thus supporting faster connection. However, it comes with its own technical challenges relating to resource management, authentication handover and user privacy protection. In 5G, the frequent displacement of the users among the cells as a result of repeated authentication handovers often leads to a delay, contradicting the 5G objectives. In this paper, we propose a new authentication approach that utilizes blockchain and software defined networking (SDN) techniques to remove the re-authentication in repeated handover among heterogeneous cells. The proposed approach is designed to assure the low delay appropriate for the 5G network, in which users can be replaced with the least delay among heterogeneous cells using their public and private keys provided by the devised blockchain component while protecting their privacy. In our comparison between Proof-of-Work (POW)-based and network-based models, the delay of our authentication handover was shown to be less than 1ms. Also, our approach demonstrated less signaling overhead and energy consumption compared to peer models.
Submitted 8 May, 2019;
originally announced May 2019.
-
Empirical Vulnerability Analysis of Automated Smart Contracts Security Testing on Blockchains
Authors:
Reza M. Parizi,
Ali Dehghantanha,
Kim-Kwang Raymond Choo,
Amritraj Singh
Abstract:
The emerging blockchain technology supports a decentralized computing paradigm shift and is a rapidly approaching phenomenon. While blockchain is thought of primarily as the basis of Bitcoin, its application has grown far beyond cryptocurrencies due to the introduction of smart contracts. Smart contracts are self-enforcing pieces of software, which reside and run over a hosting blockchain. Using blockchain-based smart contracts for secure and transparent management to govern interactions (authentication, connection, and transaction) in Internet-enabled environments, mostly IoT, is a niche area of research and practice. However, writing trustworthy and safe smart contracts can be tremendously challenging because of the complicated semantics of the underlying domain-specific languages and their testability. There have been high-profile incidents that indicate blockchain smart contracts could contain various code-security vulnerabilities, instigating financial harms. When it involves security of smart contracts, developers embracing the ability to write the contracts should be capable of testing their code, for diagnosing security vulnerabilities, before deploying them to the immutable environments on blockchains. However, there are only a handful of security testing tools for smart contracts. This implies that the existing research on automatic smart contracts security testing is not adequate and remains in a very early stage of infancy. With a specific goal to more readily realize the application of blockchain smart contracts in security and privacy, we should first understand their vulnerabilities before widespread implementation. Accordingly, the goal of this paper is to carry out a far-reaching experimental assessment of current static smart contracts security testing tools, for the most widely used blockchain, Ethereum, and its domain-specific programming language, Solidity, to provide the first...
Submitted 7 September, 2018;
originally announced September 2018.
-
Microservices as an Evolutionary Architecture of Component-Based Development: A Think-aloud Study
Authors:
Reza M. Parizi
Abstract:
Microservices have become a fast-growing and popular architectural style based on service-oriented development. One of the major advantages of using component-based approaches is to support reuse. In this paper, we present a study of microservices and how these systems are related to the traditional abstract models of component-based systems. This research focuses on the core properties of microservices including their scalability, availability and resilience, consistency, coupling and cohesion, and data storage capability, while highlighting their limitations and challenges in relation to components. To support our study, we investigated the existing literature and provided potential directions and interesting points in this growing field of research. As a result, using microservices as components is promising and would be a good mechanism for building applications that used to be built with component-based approaches.
Submitted 29 May, 2018;
originally announced May 2018.
-
On the Current Measurement Practices in Agile Software Development
Authors:
Taghi Javdani,
Hazura Zulzalil,
Abdul Azim Abd Ghani,
Abu Bakar Md Sultan,
Reza Meimandi Parizi
Abstract:
Agile software development (ASD) methods were introduced as a reaction to traditional software development methods. The principles of these methods are different from traditional methods, and so there are some different processes and activities in agile methods compared to traditional methods. Thus ASD methods require different measurement practices compared to traditional methods. Agile teams often do their projects in the simplest and most effective way, so measurement practices in agile methods are more important than in traditional methods, because a lack of appropriate and effective measurement practices will increase the risk of the project. The aims of this paper are to investigate current measurement practices in ASD methods, collect them together in one study, and review the agile version of the Common Software Measurement International Consortium (COSMIC) publication.
Submitted 24 January, 2013;
originally announced January 2013.