This page has only limited features, please log in for full access.

Unclaimed
Aziz Mohaisen
University of Central Florida

Basic Info

Basic Info is private.

Honors and Awards

The user has no records in this section


Career Timeline

The user has no records in this section.


Short Biography

The user biography is not available.
Following
Followers
Co Authors
The list of users this user is following is empty.
Following: 0 users

Feed

Journal article
Published: 03 June 2021 in IEEE Internet of Things Journal
Reads 0
Downloads 0

The Linux shell is a command-line interpreter that provides users with a command interface to the operating system, allowing them to perform various functions. Although very useful in building capabilities at the edge, the Linux shell can be exploited, giving adversaries a prime opportunity to use them for malicious activities. With access to IoT devices, malware authors can abuse the Linux shell of those devices to propagate infections and launch large-scale attacks, e.g., DDoS. In this work, we provide a first look at the tasks managed by shell commands in Linux-based IoT malware towards detection. We analyze malicious shell commands found in IoT malware and build a neural network-based model, , to detect malicious shell commands. Namely, we collected a large dataset of shell commands, including malicious commands extracted from 2,891 IoT malware samples and benign commands collected from real-world network traffic analysis and volunteered data from Linux users. Using conventional machine and deep learning-based approaches trained with a term-and character-level features, is shown to achieve an accuracy of more than 99% in detecting malicious shell commands and files (i.e. binaries).

ACS Style

Hisham Alasmary; Afsah Anwar; Ahmed Abusnaina; Abdulrahman Alabduljabbar; Mohammed Abuhamad; An Wang; Dae Hun Nyang; Amro Awad; David Mohaisen. SHELLCORE: Automating Malicious IoT Software Detection Using Shell Commands Representation. IEEE Internet of Things Journal 2021, PP, 1 -1.

AMA Style

Hisham Alasmary, Afsah Anwar, Ahmed Abusnaina, Abdulrahman Alabduljabbar, Mohammed Abuhamad, An Wang, Dae Hun Nyang, Amro Awad, David Mohaisen. SHELLCORE: Automating Malicious IoT Software Detection Using Shell Commands Representation. IEEE Internet of Things Journal. 2021; PP (99):1-1.

Chicago/Turabian Style

Hisham Alasmary; Afsah Anwar; Ahmed Abusnaina; Abdulrahman Alabduljabbar; Mohammed Abuhamad; An Wang; Dae Hun Nyang; Amro Awad; David Mohaisen. 2021. "SHELLCORE: Automating Malicious IoT Software Detection Using Shell Commands Representation." IEEE Internet of Things Journal PP, no. 99: 1-1.

Journal article
Published: 25 May 2021 in Computers & Security
Reads 0
Downloads 0

In this paper, we introduce a hardware-based system with a protocol realization to authenticate Internet of Things (IoT) devices. DigitalSeal is a novel standalone network-independent authentication tool implemented using an Arduino UNO and various components. DigitalSeal ’s I/O elements read a barcode and display a barcode data and its corresponding HMAC, which are used for authentication. DigitalSeal can manage cryptographic keys securely and provide a data integrity in order to defend against Man-in-the-Middle (MitM) and Man-in-the-Browser (MitB) attacks. Moreover, DigitalSeal can be used in various applications, such as an authentication system or protocol, an online/offline transaction, a login session, and an IoT device authentication. Using DigitalSeal, we propose a new protocol for IoT device authentication, providing various security benefits and reducing the burden of key maintenance for a large number of IoT devices. Our authentication protocol realization with DigitalSeal provides a convenient method for securely managing password for multiple IoT devices, prevents unauthorized IoT devices from connecting to the user’s gateway (an IoT home/enterprise network), and secures the communication between the IoT device and the gateway. Our system and associated protocol are both cost-effective and usable. According to our experiments, most users are able to obtain the authentication credential (the HMAC) within 3 seconds with more than 93% accuracy using DigitalSeal.

ACS Style

Changhun Jung; Jinchun Choi; RhongHo Jang; David Mohaisen; Daehun Nyang. A network-independent tool-based usable authentication system for Internet of Things devices. Computers & Security 2021, 108, 102338 .

AMA Style

Changhun Jung, Jinchun Choi, RhongHo Jang, David Mohaisen, Daehun Nyang. A network-independent tool-based usable authentication system for Internet of Things devices. Computers & Security. 2021; 108 ():102338.

Chicago/Turabian Style

Changhun Jung; Jinchun Choi; RhongHo Jang; David Mohaisen; Daehun Nyang. 2021. "A network-independent tool-based usable authentication system for Internet of Things devices." Computers & Security 108, no. : 102338.

Original research paper
Published: 01 March 2021 in IET Blockchain
Reads 0
Downloads 0

Blockchain‐based audit systems suffer from low scalability and high message complexity. The root cause of these shortcomings is the use of “Practical Byzantine Fault Tolerance” (PBFT) consensus protocol in those systems. Alternatives to PBFT have not been used in blockchain‐based audit systems due to the limited knowledge about their functional and operational requirements. Currently, no blockchain testbed supports the execution and benchmarking of different consensus protocols in a unified testing environment. This paper demonstrates building a blockchain testbed that supports the execution of five state‐of‐the‐art consensus protocols in a blockchain system; namely PBFT, Proof‐of‐Work (PoW), Proof‐of‐Stake (PoS), Proof‐of‐Elapsed Time (PoET), and Clique. Performance evaluation of those consensus algorithms is carried out using data from a real‐world audit system. These results show that the Clique protocol is best suited for blockchain‐based audit systems, based on scalability features.

ACS Style

Ashar Ahmad; Abdulrahman Alabduljabbar; Muhammad Saad; Daehun Nyang; Joongheon Kim; David Mohaisen. Empirically comparing the performance of blockchain's consensus algorithms. IET Blockchain 2021, 1, 56 -64.

AMA Style

Ashar Ahmad, Abdulrahman Alabduljabbar, Muhammad Saad, Daehun Nyang, Joongheon Kim, David Mohaisen. Empirically comparing the performance of blockchain's consensus algorithms. IET Blockchain. 2021; 1 (1):56-64.

Chicago/Turabian Style

Ashar Ahmad; Abdulrahman Alabduljabbar; Muhammad Saad; Daehun Nyang; Joongheon Kim; David Mohaisen. 2021. "Empirically comparing the performance of blockchain's consensus algorithms." IET Blockchain 1, no. 1: 56-64.

Journal article
Published: 04 February 2021 in IEEE Transactions on Mobile Computing
Reads 0
Downloads 0

In this paper, we provide the design and implementation of UOIT, a text entry method optimized for smartwatches. UOIT uses only one page where a user can see and tap directly for entry without any additional actions, such as zoom-in/zoom-out and swipes, which are required in the existing entry methods. To fully utilize the constrained screen space and to address the "fat finger" problem, we use a technique called "drawing-like typing", which reduces the 26 small alphabetic keys into 13 large keys with a dual input property. To evaluate the performance of UOIT, we conducted two user studies while varying the learning period. In the short-term experiments (i.e., two days), we observed a fast learning curve of users when using the UIOT keyboard. Moreover, with the long-term experiments (i.e., a month), we show that users can type as fast as QWERTY keyboard but with much less errors. Moreover, UOIT outperforms the state-of-the-art keyboard in both speed and error rate.

ACS Style

RhongHo Jang; Changhun Jung; David Mohaisen; Kyunghee Lee; Daehun Nyang. A One-Page Text Entry Method Optimized for Rectangle Smartwatches. IEEE Transactions on Mobile Computing 2021, PP, 1 -1.

AMA Style

RhongHo Jang, Changhun Jung, David Mohaisen, Kyunghee Lee, Daehun Nyang. A One-Page Text Entry Method Optimized for Rectangle Smartwatches. IEEE Transactions on Mobile Computing. 2021; PP (99):1-1.

Chicago/Turabian Style

RhongHo Jang; Changhun Jung; David Mohaisen; Kyunghee Lee; Daehun Nyang. 2021. "A One-Page Text Entry Method Optimized for Rectangle Smartwatches." IEEE Transactions on Mobile Computing PP, no. 99: 1-1.

Journal article
Published: 29 January 2021 in Journal of Network and Computer Applications
Reads 0
Downloads 0

Blockchain-based cryptocurrencies, such as Bitcoin, have seen on the rise in their popularity and value, making them a target to several forms of Denial-of-Service (DoS) attacks, and calling for a better understanding of their attack surface from both security and distributed systems standpoints. In this paper, and in the pursuit of understanding the attack surface of blockchains, we explore a new form of attack that can be carried out on the memory pools (mempools), and mainly targets blockchain-based cryptocurrencies. We study this attack on Bitcoin's mempool and explore the attack's effects on transactions fee paid by benign users. To counter this attack, this paper further proposes Contra-∗, a set of countermeasures utilizing fee, age, and size (thus, Contra-F, Contra-A, and Contra-S) as prioritization mechanisms. Contra-∗ optimize the mempool size and help in countering the effects of DoS attacks due to spam transactions. We evaluate Contra-∗ by simulations and analyze their effectiveness under various attack conditions.

ACS Style

Muhammad Saad; Joongheon Kim; Daehun Nyang; David Mohaisen. Contra-∗: Mechanisms for countering spam attacks on blockchain's memory pools. Journal of Network and Computer Applications 2021, 179, 102971 .

AMA Style

Muhammad Saad, Joongheon Kim, Daehun Nyang, David Mohaisen. Contra-∗: Mechanisms for countering spam attacks on blockchain's memory pools. Journal of Network and Computer Applications. 2021; 179 ():102971.

Chicago/Turabian Style

Muhammad Saad; Joongheon Kim; Daehun Nyang; David Mohaisen. 2021. "Contra-∗: Mechanisms for countering spam attacks on blockchain's memory pools." Journal of Network and Computer Applications 179, no. : 102971.

Journal article
Published: 01 January 2021 in IEEE Transactions on Parallel and Distributed Systems
Reads 0
Downloads 0

Blockchain applications that rely on the Proof-of-Work (PoW) have increasingly become energy inefficient with a staggering carbon footprint. In contrast, energy efficient alternative consensus protocols such as Proof-of-Stake (PoS) may cause centralization and unfairness in the blockchain system. To address these challenges, we propose a modular version of PoS-based blockchain systems called e-PoS that resists the centralization of network resources by extending mining opportunities to a wider set of stakeholders. Moreover, e-PoS leverages the in-built system operations to promote fair mining practices by penalizing malicious entities. We validate e-PoS's achievable objectives through theoretical analysis and simulations. Our results show that \ep ensures fairness and decentralization, and can be applied to existing blockchain applications.

ACS Style

Muhammad Saad; Zhan Qin; Kui Ren; Daehun Nyang; David Mohaisen. e-PoS: Making Proof-of-Stake Decentralized and Fair. IEEE Transactions on Parallel and Distributed Systems 2021, 32, 1961 -1973.

AMA Style

Muhammad Saad, Zhan Qin, Kui Ren, Daehun Nyang, David Mohaisen. e-PoS: Making Proof-of-Stake Decentralized and Fair. IEEE Transactions on Parallel and Distributed Systems. 2021; 32 (8):1961-1973.

Chicago/Turabian Style

Muhammad Saad; Zhan Qin; Kui Ren; Daehun Nyang; David Mohaisen. 2021. "e-PoS: Making Proof-of-Stake Decentralized and Fair." IEEE Transactions on Parallel and Distributed Systems 32, no. 8: 1961-1973.

Conference paper
Published: 28 November 2020 in Transactions on Petri Nets and Other Models of Concurrency XV
Reads 0
Downloads 0

Software vulnerabilities in emerging systems, such as the Internet of Things (IoT), allow for multiple attack vectors that are exploited by adversaries for malicious intents. One of such vectors is malware, where limited efforts have been dedicated to IoT malware analysis, characterization, and understanding. In this paper, we analyze recent IoT malware through the lenses of static analysis. Towards this, we reverse-engineer and perform a detailed analysis of almost 2,900 IoT malware samples of eight different architectures across multiple analysis directions. We conduct string analysis, unveiling operation, unique textual characteristics, and network dependencies. Through the control flow graph analysis, we unveil unique graph-theoretic features. Through the function analysis, we address obfuscation by function approximation. We then pursue two applications based on our analysis: 1) Combining various analysis aspects, we reconstruct the infection lifecycle of various prominent malware families, and 2) using multiple classes of features obtained from our static analysis, we design a machine learning-based detection model with features that are robust and an average detection rate of 99.8%.

ACS Style

Afsah Anwar; Hisham Alasmary; Jeman Park; An Wang; Songqing Chen; David Mohaisen. Statically Dissecting Internet of Things Malware: Analysis, Characterization, and Detection. Transactions on Petri Nets and Other Models of Concurrency XV 2020, 443 -461.

AMA Style

Afsah Anwar, Hisham Alasmary, Jeman Park, An Wang, Songqing Chen, David Mohaisen. Statically Dissecting Internet of Things Malware: Analysis, Characterization, and Detection. Transactions on Petri Nets and Other Models of Concurrency XV. 2020; ():443-461.

Chicago/Turabian Style

Afsah Anwar; Hisham Alasmary; Jeman Park; An Wang; Songqing Chen; David Mohaisen. 2020. "Statically Dissecting Internet of Things Malware: Analysis, Characterization, and Detection." Transactions on Petri Nets and Other Models of Concurrency XV , no. : 443-461.

Journal article
Published: 21 October 2020 in Sustainability
Reads 0
Downloads 0

Content-Centric Networking (CCN) is one of the emerging paradigms for the future Internet, which shifts the communication paradigm from host-centric to data-centric. In CCN, contents are delivered by their unique names, and a public-key-based signature is built into data packets to verify the authenticity and integrity of the contents. To date, research has tried to accelerate the validation of the given data packets, but existing techniques were designed to improve the performance of content verification from the requester’s viewpoint. However, we need to efficiently verify the validity of data packets in each forwarding engine, since the transmission of invalid packets influences not only security but also performance, which can lead to a DDoS (Distributed Denial of Service) attack on CCN. For example, an adversary can inject a number of meaningless packets into CCN to consume the forwarding engines’ cache and network bandwidth. In this paper, a novel authentication architecture is introduced, which can support faster forwarding by accelerating the performance of data validation in forwarding engines. Since all forwarding engines verify data packets, our authentication architecture can eliminate invalid packets before they are injected into other CCN nodes. The architecture utilizes public-key based authentication algorithms to support public verifiability and non-repudiation, but a novel technique is proposed in this paper to reduce the overhead from using PKI for verifying public keys used by forwarding engines and end-users in the architecture. The main merit of this work is in improving the performance of data-forwarding in CCN regardless of the underlying public-key validation mechanism, such as PKI, by reducing the number of accesses to the mechanism. Differently from existing approaches that forgive some useful features of the Naive CCN for higher performance, the proposed technique is the only architecture which can support all useful features given by the Naive CCN.

ACS Style

Taek-Young Youn; Joongheon Kim; David Mohaisen; Seog Seo. Faster Data Forwarding in Content-Centric Network via Overlaid Packet Authentication Architecture. Sustainability 2020, 12, 8746 .

AMA Style

Taek-Young Youn, Joongheon Kim, David Mohaisen, Seog Seo. Faster Data Forwarding in Content-Centric Network via Overlaid Packet Authentication Architecture. Sustainability. 2020; 12 (20):8746.

Chicago/Turabian Style

Taek-Young Youn; Joongheon Kim; David Mohaisen; Seog Seo. 2020. "Faster Data Forwarding in Content-Centric Network via Overlaid Packet Authentication Architecture." Sustainability 12, no. 20: 8746.

Journal article
Published: 28 August 2020 in IEEE Internet of Things Journal
Reads 0
Downloads 0

Mobile devices and technologies have become increasingly popular, offering comparable storage and computational capabilities to desktop computers allowing users to store and interact with sensitive and private information. The security and protection of such personal information are becoming more and more important since mobile devices are vulnerable to unauthorized access or theft. User authentication is a task of paramount importance that grants access to legitimate users at the point-of-entry and continuously through the usage session. This task is made possible with today’s smartphones’ embedded sensors that enable continuous and implicit user authentication by capturing behavioral biometrics and traits. In this paper, we survey more than 140 recent behavioral biometric-based approaches for continuous user authentication, including motion-based methods (28 studies), gait-based methods (19 studies), keystroke dynamics-based methods (20 studies), touch gesture-based methods (29 studies), voice-based methods (16 studies), and multimodal-based methods (34 studies). The survey provides an overview of the current state-of-the-art approaches for continuous user authentication using behavioral biometrics captured by smartphones’ embedded sensors, including insights and open challenges for adoption, usability, and performance.

ACS Style

Mohammed Abuhamad; Ahmed Abusnaina; Dae Hun Nyang; David Mohaisen. Sensor-Based Continuous Authentication of Smartphones’ Users Using Behavioral Biometrics: A Contemporary Survey. IEEE Internet of Things Journal 2020, 8, 65 -84.

AMA Style

Mohammed Abuhamad, Ahmed Abusnaina, Dae Hun Nyang, David Mohaisen. Sensor-Based Continuous Authentication of Smartphones’ Users Using Behavioral Biometrics: A Contemporary Survey. IEEE Internet of Things Journal. 2020; 8 (1):65-84.

Chicago/Turabian Style

Mohammed Abuhamad; Ahmed Abusnaina; Dae Hun Nyang; David Mohaisen. 2020. "Sensor-Based Continuous Authentication of Smartphones’ Users Using Behavioral Biometrics: A Contemporary Survey." IEEE Internet of Things Journal 8, no. 1: 65-84.

Journal article
Published: 28 August 2020 in IEEE Transactions on Professional Communication
Reads 0
Downloads 0

Emerging Non-Volatile Memories (NVMs) bring a unique challenge to the security community, namely persistent security. As NVM-based memories are expected to restore their data after recovery, the security metadata must be recovered as well. However, persisting all affected security metadata on each memory write would significantly degrade performance and exacerbate the write endurance problem. On the other hand, relying on encryption counters recovery scheme would take hours to rebuild the integrity tree, and will not be sufficient to rebuild the Tree-of-Counters (ToC). Due to intermediate nodes dependencies it is not possible to recover this type of trees using the encryption counters. To ensure recoverability, all updates to the security metadata must be persisted, which can be tens of additional writes on each write. In this paper, we propose Phoenix, a practical novel scheme which relies on elegantly reproducing the cache content before a crash, however with minimal overheads. Our evaluation results show that Phoenix reduces persisting security metadata overhead writes to 3.8% less than a write-back encrypted system without recovery, thus improving the NVM lifetime by 8x. Overall Phoenix performance is better than the baseline.

ACS Style

Mazen Alwadi; Kazi Zubair; David Mohaisen; Amro Awad. Phoenix: Towards Ultra-Low Overhead, Recoverable, and Persistently Secure NVM. IEEE Transactions on Professional Communication 2020, PP, 1 -1.

AMA Style

Mazen Alwadi, Kazi Zubair, David Mohaisen, Amro Awad. Phoenix: Towards Ultra-Low Overhead, Recoverable, and Persistently Secure NVM. IEEE Transactions on Professional Communication. 2020; PP (99):1-1.

Chicago/Turabian Style

Mazen Alwadi; Kazi Zubair; David Mohaisen; Amro Awad. 2020. "Phoenix: Towards Ultra-Low Overhead, Recoverable, and Persistently Secure NVM." IEEE Transactions on Professional Communication PP, no. 99: 1-1.

Journal article
Published: 11 June 2020 in IEEE Access
Reads 0
Downloads 0

Proxy servers act as an intermediary and a gateway between users and other servers on the Internet, and have many beneficial applications targeting the privacy of users, including bypassing server-side blocking, regional restrictions, etc. Despite the beneficial applications of proxies, they are also used by adversaries to hide their identity and to launch many attacks. As such, many websites restrict access from proxies, resulting in blacklists to filter out those proxies and to aid in their blocking. In this work, we explore the ecosystem of proxies by understanding their affinities and distributions comparatively. We compare residential and open proxies in various ways, including country-level and city-level analyses to highlight their geospatial distributions, similarities, and differences against a large number of blacklists and categories therein, i.e., spam and maliciousness analysis, to understand their characteristics and attributes. We conclude that, while aiming to achieve the same goal, residential and open proxies still have distinct characteristics warranting considering them separately for the role they play in the larger Internet ecosystem. Moreover, we highlight the correlation of proxy locality distribution and five country-level characteristics, such as their Internet censorship, political stability, and Gross Domestic Product (GDP).

ACS Style

Jinchun Choi; Mohammed Abuhamad; Ahmed Abusnaina; Afsah Anwar; Sultan Alshamrani; Jeman Park; Daehun Nyang; David Mohaisen. Understanding the Proxy Ecosystem: A Comparative Analysis of Residential and Open Proxies on the Internet. IEEE Access 2020, 8, 111368 -111380.

AMA Style

Jinchun Choi, Mohammed Abuhamad, Ahmed Abusnaina, Afsah Anwar, Sultan Alshamrani, Jeman Park, Daehun Nyang, David Mohaisen. Understanding the Proxy Ecosystem: A Comparative Analysis of Residential and Open Proxies on the Internet. IEEE Access. 2020; 8 ():111368-111380.

Chicago/Turabian Style

Jinchun Choi; Mohammed Abuhamad; Ahmed Abusnaina; Afsah Anwar; Sultan Alshamrani; Jeman Park; Daehun Nyang; David Mohaisen. 2020. "Understanding the Proxy Ecosystem: A Comparative Analysis of Residential and Open Proxies on the Internet." IEEE Access 8, no. : 111368-111380.

Journal article
Published: 02 March 2020 in IEEE Communications Surveys & Tutorials
Reads 0
Downloads 0

In this paper, we systematically explore the attack surface of the Blockchain technology, with an emphasis on public Blockchains. Towards this goal, we attribute attack viability in the attack surface to 1) the Blockchain cryptographic constructs, 2) the distributed architecture of the systems using Blockchain, and 3) the Blockchain application context. To each of those contributing factors, we outline several attacks, including selfish mining, the 51% attack, DNS attacks, distributed denial-of-service (DDoS) attacks, consensus delay (due to selfish behavior or distributed denial-of-service attacks), Blockchain forks, orphaned and stale blocks, block ingestion, wallet thefts, smart contract attacks, and privacy attacks. We also explore the causal relationships between these attacks to demonstrate how various attack vectors are connected to one another. A secondary contribution of this work is outlining effective defense measures taken by the Blockchain technology or proposed by researchers to mitigate the effects of these attacks and patch associated vulnerabilities.

ACS Style

Muhammad Saad; Jeffrey Spaulding; Laurent Njilla; Charles Kamhoua; Sachin Shetty; Dae Hun Nyang; David Mohaisen. Exploring the Attack Surface of Blockchain: A Comprehensive Survey. IEEE Communications Surveys & Tutorials 2020, 22, 1977 -2008.

AMA Style

Muhammad Saad, Jeffrey Spaulding, Laurent Njilla, Charles Kamhoua, Sachin Shetty, Dae Hun Nyang, David Mohaisen. Exploring the Attack Surface of Blockchain: A Comprehensive Survey. IEEE Communications Surveys & Tutorials. 2020; 22 (3):1977-2008.

Chicago/Turabian Style

Muhammad Saad; Jeffrey Spaulding; Laurent Njilla; Charles Kamhoua; Sachin Shetty; Dae Hun Nyang; David Mohaisen. 2020. "Exploring the Attack Surface of Blockchain: A Comprehensive Survey." IEEE Communications Surveys & Tutorials 22, no. 3: 1977-2008.

Journal article
Published: 24 February 2020 in IEEE Internet of Things Journal
Reads 0
Downloads 0

Smartphones have become crucial for our daily life activities and are increasingly loaded with our personal information to perform several sensitive tasks including mobile banking, communication, and are used for storing private photos and files. Therefore, there is a high demand for applying usable authentication techniques that prevent unauthorized access to sensitive information. In this work, we propose , a deep learning-based active authentication approach that exploits sensors in consumer-grade smartphones to authenticate a user. Unlike conventional approaches, is based on deep learning to identify user distinct behavior from the embedded sensors with and without the user’s interaction with the smartphone. We investigate different deep learning architectures in modeling and capturing users’ behavioral patterns for the purpose of authentication. Moreover, we explore the sufficiency of sensory data required to accurately authenticate users. We evaluate on a real-world dataset that includes sensors data of 84 participants’ smartphones collected using our designed data-collection application. The experiments show that operates accurately using readings of only three sensors (accelerometer, gyroscope, and magnetometer) with a high authentication frequency, e.g., one authentication attempt every 0.5 seconds. Using sensory data of one second enables an authentication F1-score of approximately 98%, FAR of 0.95%, FRR of 6.67%, and EER of 0.41%. While using sensory data of half a second enables an authentication F1-score of 97.52%, FAR of 0.96%, FRR of 8.08%, and EER of 0.09%. Moreover, we investigate the effects of using different sensory data at variable sampling periods on the performance of the authentication models under various settings and learning architectures.

ACS Style

Mohammed Abuhamad; Tamer AbuHmed; David Mohaisen; Dae Hun Nyang. AUToSen: Deep-Learning-Based Implicit Continuous Authentication Using Smartphone Sensors. IEEE Internet of Things Journal 2020, 7, 5008 -5020.

AMA Style

Mohammed Abuhamad, Tamer AbuHmed, David Mohaisen, Dae Hun Nyang. AUToSen: Deep-Learning-Based Implicit Continuous Authentication Using Smartphone Sensors. IEEE Internet of Things Journal. 2020; 7 (6):5008-5020.

Chicago/Turabian Style

Mohammed Abuhamad; Tamer AbuHmed; David Mohaisen; Dae Hun Nyang. 2020. "AUToSen: Deep-Learning-Based Implicit Continuous Authentication Using Smartphone Sensors." IEEE Internet of Things Journal 7, no. 6: 5008-5020.

Conference paper
Published: 25 January 2020 in Transactions on Petri Nets and Other Models of Concurrency XV
Reads 0
Downloads 0

The Internet of Battlefield Things (IoBT) is an emerging application to improve operational effectiveness for military applications. The security of IoBT is one of the more challenging aspects, where adversaries can exploit vulnerabilities in IoBT software and deployment conditions to gain insight into their state. In this work, we look into the security of IoBT from the lens of cyber deception. First, we formulate the IoBT domain as a graph learning problem from an adversarial point of view and introduce various tools through which an adversary can learn the graph starting with partial prior knowledge. Second, we use this model to show that an adversary can learn high-level information from low-level graph structures, including the number of soldiers and their proximity. For that, we use a powerful n-gram based algorithm to obtain features from random walks on the underlying graph representation of IoBT. Third, we provide microscopic and macroscopic approaches that manipulate the underlying IoBT graph structure to introduce uncertainty in the adversary’s learning. Finally, we show our approach’s effectiveness through analyses and evaluations.

ACS Style

Jeman Park; Aziz Mohaisen; Charles A. Kamhoua; Michael J. Weisman; Nandi O. Leslie; Laurent Njilla. Cyber Deception in the Internet of Battlefield Things: Techniques, Instances, and Assessments. Transactions on Petri Nets and Other Models of Concurrency XV 2020, 299 -312.

AMA Style

Jeman Park, Aziz Mohaisen, Charles A. Kamhoua, Michael J. Weisman, Nandi O. Leslie, Laurent Njilla. Cyber Deception in the Internet of Battlefield Things: Techniques, Instances, and Assessments. Transactions on Petri Nets and Other Models of Concurrency XV. 2020; ():299-312.

Chicago/Turabian Style

Jeman Park; Aziz Mohaisen; Charles A. Kamhoua; Michael J. Weisman; Nandi O. Leslie; Laurent Njilla. 2020. "Cyber Deception in the Internet of Battlefield Things: Techniques, Instances, and Assessments." Transactions on Petri Nets and Other Models of Concurrency XV , no. : 299-312.

Preprint
Published: 23 January 2020
Reads 0
Downloads 0

Mobile devices and technologies have become increasingly popular, offering comparable storage and computational capabilities to desktop computers allowing users to store and interact with sensitive and private information. The security and protection of such personal information are becoming more and more important since mobile devices are vulnerable to unauthorized access or theft. User authentication is a task of paramount importance that grants access to legitimate users at the point-of-entry and continuously through the usage session. This task is made possible with today's smartphones' embedded sensors that enable continuous and implicit user authentication by capturing behavioral biometrics and traits. In this paper, we survey more than 140 recent behavioral biometric-based approaches for continuous user authentication, including motion-based methods (27 studies), gait-based methods (23 studies), keystroke dynamics-based methods (20 studies), touch gesture-based methods (29 studies), voice-based methods (16 studies), and multimodal-based methods (33 studies). The survey provides an overview of the current state-of-the-art approaches for continuous user authentication using behavioral biometrics captured by smartphones' embedded sensors, including insights and open challenges for adoption, usability, and performance.

ACS Style

Mohammed Abuhamad; Ahmed Abusnaina; Daehun Nyang; David Mohaisen. Sensor-based Continuous Authentication of Smartphones' Users Using Behavioral Biometrics: A Survey. 2020, 1 .

AMA Style

Mohammed Abuhamad, Ahmed Abusnaina, Daehun Nyang, David Mohaisen. Sensor-based Continuous Authentication of Smartphones' Users Using Behavioral Biometrics: A Survey. . 2020; ():1.

Chicago/Turabian Style

Mohammed Abuhamad; Ahmed Abusnaina; Daehun Nyang; David Mohaisen. 2020. "Sensor-based Continuous Authentication of Smartphones' Users Using Behavioral Biometrics: A Survey." , no. : 1.

Journal article
Published: 17 September 2019 in IEEE Systems Journal
Reads 0
Downloads 0

Recently, the Blockchain-based cryptocurrency market witnessed enormous growth. Bitcoin, the leading cryptocurrency, reached all-time highs many times over the year leading to speculations to explain the trend in its growth. In this article, we study Bitcoin and Ethereum and explore features in their network that explain their price hikes. We gather data and analyze user and network activity that highly impact the price of these cryptocurrencies. We monitor the change in the activities over time and relate them to economic theories. We identify key network features that help us to determine the demand and supply dynamics in a cryptocurrency. Finally, we use machine learning methods to construct models that predict Bitcoin price. Based on our experimental results using two large datasets for validation, we confirm that our approach provides an accuracy of up to 99% for Bitcoin and Ethereum price prediction in both instances.

ACS Style

Muhammad Saad; Jinchun Choi; Daehun Nyang; Joongheon Kim; Aziz Mohaisen. Toward Characterizing Blockchain-Based Cryptocurrencies for Highly Accurate Predictions. IEEE Systems Journal 2019, 14, 321 -332.

AMA Style

Muhammad Saad, Jinchun Choi, Daehun Nyang, Joongheon Kim, Aziz Mohaisen. Toward Characterizing Blockchain-Based Cryptocurrencies for Highly Accurate Predictions. IEEE Systems Journal. 2019; 14 (1):321-332.

Chicago/Turabian Style

Muhammad Saad; Jinchun Choi; Daehun Nyang; Joongheon Kim; Aziz Mohaisen. 2019. "Toward Characterizing Blockchain-Based Cryptocurrencies for Highly Accurate Predictions." IEEE Systems Journal 14, no. 1: 321-332.

Journal article
Published: 01 July 2019 in IEEE Internet of Things Journal
Reads 0
Downloads 0

The steady growth in the number of deployed Internet of Things (IoT) devices has been paralleled with an equal growth in the number of malicious software (malware) targeting those devices. In this work, we build a detection mechanism of IoT malware utilizing Control Flow Graphs (CFGs). To motivate for our detection mechanism, we contrast the underlying characteristics of IoT malware to other types of malware—Android malware, which are also Linux-based—across multiple features. The preliminary analyses reveal that the Android malware have high density, strong closeness and betweenness, and a larger number of nodes. We show that IoT malware samples have a large number of edges despite a smaller number of nodes, which demonstrate a richer flow structure and higher complexity. We utilize those various characterizing features as a modality to build a highly effective deep learning-based detection model to detect IoT malware. To test our model, we use CFGs of about 6,000 malware and benign IoT disassembled samples, and show a detection accuracy of ≈99.66%.

ACS Style

Hisham Alasmary; Aminollah Khormali; Afsah Anwar; Jeman Park; Jinchun Choi; Ahmed Abusnaina; Amro Awad; Dae Hun Nyang; Aziz Mohaisen. Analyzing and Detecting Emerging Internet of Things Malware: A Graph-Based Approach. IEEE Internet of Things Journal 2019, 6, 8977 -8988.

AMA Style

Hisham Alasmary, Aminollah Khormali, Afsah Anwar, Jeman Park, Jinchun Choi, Ahmed Abusnaina, Amro Awad, Dae Hun Nyang, Aziz Mohaisen. Analyzing and Detecting Emerging Internet of Things Malware: A Graph-Based Approach. IEEE Internet of Things Journal. 2019; 6 (5):8977-8988.

Chicago/Turabian Style

Hisham Alasmary; Aminollah Khormali; Afsah Anwar; Jeman Park; Jinchun Choi; Ahmed Abusnaina; Amro Awad; Dae Hun Nyang; Aziz Mohaisen. 2019. "Analyzing and Detecting Emerging Internet of Things Malware: A Graph-Based Approach." IEEE Internet of Things Journal 6, no. 5: 8977-8988.

Journal article
Published: 18 June 2019 in IEEE Internet of Things Journal
Reads 0
Downloads 0

With the rapid evolution of electric systems, there has been a significant demand for Energy Internet (EI) systems that allow sustainable and environmentally friendly energy management. Several research efforts regarding EI systems have been aimed at providing reliable, efficient, and cost-effective techniques. In this paper, we propose a novel algorithm and system for real-time electricity pricing and scheduling. Our algorithm consists of a two-stage operation. The first stage performs real-time pricing to determine the maximum electricity consumption while the second stage performs Internet of Things (IoT) device scheduling. In the second stage, the optimization framework for scheduling is modeled as a 0-1 Knapsack problem; therefore, the solutions to the optimization problem are computed using a dynamic programming framework. Through intensive simulations with well-defined parameters, it is verified that the proposed scheme provides several features, especially reductions in electricity bills with the appropriate parameter settings.

ACS Style

Laihyuk Park; Chunghyun Lee; Joongheon Kim; Aziz Mohaisen; Sungrae Cho. Two-Stage IoT Device Scheduling With Dynamic Programming for Energy Internet Systems. IEEE Internet of Things Journal 2019, 6, 8782 -8791.

AMA Style

Laihyuk Park, Chunghyun Lee, Joongheon Kim, Aziz Mohaisen, Sungrae Cho. Two-Stage IoT Device Scheduling With Dynamic Programming for Energy Internet Systems. IEEE Internet of Things Journal. 2019; 6 (5):8782-8791.

Chicago/Turabian Style

Laihyuk Park; Chunghyun Lee; Joongheon Kim; Aziz Mohaisen; Sungrae Cho. 2019. "Two-Stage IoT Device Scheduling With Dynamic Programming for Energy Internet Systems." IEEE Internet of Things Journal 6, no. 5: 8782-8791.

Journal article
Published: 04 June 2019 in Applied Sciences
Reads 0
Downloads 0

As the demand for over-the-top and online streaming services exponentially increases, many techniques for Quality of Experience (QoE) provisioning have been studied. Users can take actions (e.g., skipping) while streaming a video. Therefore, we should consider the viewing pattern of users rather than the network condition or video quality. In this context, we propose a proactive content-loading algorithm for improving per-user personalized preferences using multinomial softmax classification. Based on experimental results, the proposed algorithm has a personalized per-user content waiting time that is significantly lower than that of competing algorithms.

ACS Style

Kyeongseon Kim; Dohyun Kwon; Joongheon Kim; Aziz Mohaisen. Personalized Online Live Video Streaming Using Softmax-Based Multinomial Classification. Applied Sciences 2019, 9, 2297 .

AMA Style

Kyeongseon Kim, Dohyun Kwon, Joongheon Kim, Aziz Mohaisen. Personalized Online Live Video Streaming Using Softmax-Based Multinomial Classification. Applied Sciences. 2019; 9 (11):2297.

Chicago/Turabian Style

Kyeongseon Kim; Dohyun Kwon; Joongheon Kim; Aziz Mohaisen. 2019. "Personalized Online Live Video Streaming Using Softmax-Based Multinomial Classification." Applied Sciences 9, no. 11: 2297.

Journal article
Published: 04 March 2019 in IEEE Transactions on Mobile Computing
Reads 0
Downloads 0

In this paper,we introduce a powerful hardware-based rogue access point (PrAP), which relay back and forth traffic between a legitimate AP and a wireless station, and act as a man-in-the-middle attacker. Our PrAP is built of two wireless routers interconnected physically, and can relay traffic rapidly between a station and a legitimate AP. Through experiments, we demonstrate the state-of-the-art time-based rogue AP (rAP) detectors cannot detect our PrAP, although effective against software-based PrAP. In demonstrating that, we unveil new insight into fundamentals of time-based detectors for software-based rAP's and their operation: such techniques are only capable of detecting rAP's due to the speed of wireless AP bridging. To address the threat of such PrAP's, we propose a new tool for network administrators, a PrAP-Hunter based on intentional channel interference. PrAP-Hunter is highly accurate, even under heavy traffic scenarios. Using a high-performance (desktop) and low-performance (mobile phone) experimental setups of our PrAP-Hunter in various deployment scenarios, we demonstrate close to 100% of detection rate, compared to 60% detection rate by the state-of-the-art. We show that our PrAP-Hunter is fast (takes 5-10 seconds), does not require any prior knowledge, and can be deployed in the wild by real world experiments at 10 coffee shops.

ACS Style

RhongHo Jang; Jeonil Kang; Aziz Mohaisen; Daehun Nyang. Catch Me If You Can: Rogue Access Point Detection Using Intentional Channel Interference. IEEE Transactions on Mobile Computing 2019, 19, 1056 -1071.

AMA Style

RhongHo Jang, Jeonil Kang, Aziz Mohaisen, Daehun Nyang. Catch Me If You Can: Rogue Access Point Detection Using Intentional Channel Interference. IEEE Transactions on Mobile Computing. 2019; 19 (5):1056-1071.

Chicago/Turabian Style

RhongHo Jang; Jeonil Kang; Aziz Mohaisen; Daehun Nyang. 2019. "Catch Me If You Can: Rogue Access Point Detection Using Intentional Channel Interference." IEEE Transactions on Mobile Computing 19, no. 5: 1056-1071.