Browsing by Author "Saudi M.M."
Now showing 1 - 20 of 66
Publication: A method to measure the efficiency of phishing emails detection features (IEEE Computer Society, 2014); Al-Daeef M.M.; Basir N.; Saudi M.M.; Faculty of Science and Technology; Universiti Sains Islam Malaysia (USIM)
Phishing is a threat in which users are sent fake emails that urge them to click a link (URL) which takes to a phisher's website. At that site, users' accounts information could be lost. Many technical and non-technical solutions have been proposed to fight phishing attacks. To stop such attacks, it is important to select the correct feature(s) to detect phishing emails. Thus, the current work presents a new method to selecting more efficient feature in detecting phishing emails. Best features can be extracted from email's body (content) part. Keywords and URLs are known features that can be extracted from email's body part. These two features are very relevant to the three general aspects of email, these aspects are, email's sender, email's content, and email's receiver. In this work, three effectiveness criteria were derived based on these aspects of email. Such criteria were used to evaluate the efficiency of Keywords and URLs features in detecting phishing emails by measuring their Effectiveness Metric (EM) values. The experimental results obtained from analyzing more than 8000 ham (legitimate) and phishing emails from two different datasets show that, relying upon the URLs feature in detecting phishing emails will predominantly give more precise results than relying upon the Keywords feature in a such task. © 2014 IEEE.
Publication: A New Android Botnet Classification for GPS Exploitation Based on Permission and API Calls (Springer Verlag, 2018); Yusof M.; Saudi M.M.; Ridzuan F.; Faculty of Science and Technology; Universiti Sains Islam Malaysia (USIM)
The target of botnet attacks has shifted from the personal computers to smartphones and mobile devices due to computational power and functionality of the mobile devices. Mobile botnet is a network consists of compromised mobile devices controlled by a botmaster through a command and control (C&C) network. Nowadays mobile botnets attacks are increasingly being used for advanced political or financial interest. Due to its popularity amongst the mobile operating system, Android has become the most targeted platform by the mobile botnets. The popularity of Android attracts the attackers to develop malicious applications with the botnet capability to hijack users' devices. In this paper, a new Android botnet classification based on GPS exploitation based on permissions and API calls is proposed using feature selection. The training was carried out using malware dataset from the Drebin and tested using 800 mobile apps from the Google Play store. The experiment was conducted using static analysis and open source tools in a controlled lab environment. This new classification can be used as a reference for other researchers in the same field to secure against GPS exploitation from Android botnet attacks. © Springer International Publishing AG 2018.
Publication: A new mobile botnet classification based on permission and API calls (Institute of Electrical and Electronics Engineers Inc., 2017); Yusof M.; Saudi M.M.; Ridzuan F.; Faculty of Science and Technology; Universiti Sains Islam Malaysia (USIM)
Currently, mobile botnet attacks have shifted from computers to smartphones due to its functionality, ease to exploit, and based on financial intention. Mostly, it attacks Android due to its popularity and high usage among end users. Every day, more and more malicious mobile applications (apps) with the botnet capability have been developed to exploit end users' smartphones. Therefore, this paper presents a new mobile botnet classification based on permission and Application Programming Interface (API) calls in the smartphone. This classification is developed using static analysis in a controlled lab environment and the Drebin dataset is used as the training dataset. 800 apps from the Google Play Store have been chosen randomly to test the proposed classification. As a result, 16 permissions and 31 API calls that are most related with mobile botnet have been extracted using feature selection and later classified and tested using machine learning algorithms. The experimental result shows that the Random Forest Algorithm has achieved the highest detection accuracy of 99.4% with the lowest false positive rate of 16.1% as compared to other machine learning algorithms. This new classification can be used as the input for mobile botnet detection for future work, especially for financial matters. © 2017 IEEE.
Publication: A new mobile Malware classification for camera exploitation based on system call and permission (Newswood Limited, 2017); Saudi M.M.; Zahari L.H.; Ridzuan F.; Basir N.; Pitchay S.A.; Nabila N.F.; Faculty of Science and Technology; Universiti Sains Islam Malaysia (USIM)
Currently, there are many attacks and exploitation to Android smartphones by the attackers all over the world. These attacks are based on profit and caused loss of money and productivity to the victim. This exploitation can be done via camera, SMS, call, audio, image or location exploitation by attacking the system call, permission or API inside the Android smartphone. Therefore, this paper presents 32 mobile malware classification based on system call and permission to detect camera exploitation for Android smartphone. The experiment was conducted in a controlled lab environment, by applying reverse engineering with 5560 training dataset from Drebin, where both static and dynamic analyses were used to identify and extract the permission and system call from the mobile applications (apps). These 32 classification have been evaluated with 500 mobile apps from Google Play Store and 19 mobile apps matched with the classification. This new classification can be used as the database and input for the development of new mobile malware detection model for camera exploitation. Copyright International Association of Engineers.
Publication: A new mobile malware classification for SMS exploitation (Springer Verlag, 2017); Zaizi N.J.M.; Saudi M.M.; Khailani A.; Faculty of Science and Technology; Universiti Sains Islam Malaysia (USIM)
Mobile malware is ubiquitous in many malicious activities such as money stealing. Consumers are charged without their consent. This paper explores how mobile malware exploit the system calls via SMS. As a solution, we proposed a system calls classification based on surveillance exploitation system calls for SMS. The proposed system calls classification is evaluated and tested using applications from Google Play Store. This research focuses on Android operating system. The experiment was conducted using Drebin dataset which contains 5560 malware applications. Dynamic analysis was used to extract the system calls from each application in a controlled lab environment. This research has developed a new mobile malware classification for Android smartphone using a covering algorithm. The classification has been evaluated in 500 applications and 126 applications have been identified to contain malware. © Springer International Publishing AG 2017.
Publication: A new system call classification of mobile malwares for SMS exploitation (American Scientific Publishers, 2017); Zaizi N.J.M.; Saudi M.M.; Faculty of Science and Technology; Universiti Sains Islam Malaysia (USIM)
Android mobile devices are used for various applications. Online banking and shopping are increasingly being performed on smartphones. As the role of smartphones in business grows, the floodgates have opened mobile devices to malware threats, which can be exploited for malicious purposes. Mobile malware is growing in sophistication and continues to target consumers. Consumers are charged without affirmative consent. As a solution to this challenge, we proposed a system call classification based on surveillance exploitation system calls for SMS. The proposed system calls classification is evaluated and tested using applications from Google Play Store. This research focuses on Android operating system. The experiment was conducted using Drebin dataset which contains 5560 malware applications. Dynamic analysis was used to extract the system calls from each application in a controlled lab environment. This research has developed a new mobile malware classification for Android smartphone using a covering algorithm. The classification has been evaluated in 500 applications and 126 applications have been identified to contain malware. © 2017 American Scientific Publishers All rights reserved.
Publication: A Proposed System Concept on Enhancing the Encryption and Decryption Method for Cloud Computing (Institute of Electrical and Electronics Engineers Inc., 2016); Pitchay S.A.; Alhiagem W.A.A.; Ridzuan F.; Saudi M.M.; Faculty of Science and Technology; Universiti Sains Islam Malaysia (USIM)
Individual user and organizations benefit from cloud computing services, which allow permanent online storage of files. The problem occurs when companies store highly confidential documents in cloud servers. Therefore, this paper aims to introduce a backbone structure for a cloud storage system where the security and personal privacy is highly maximized. It is very obvious that cloud computing servers are highly protected against unauthorized access, but in some cases these files stored can be accessible by the maintenance staffs. Fully protection is needed to ensure that the files stored in the server are only accessible to owners. This paper proposes a system that will employ Rivest-Shamir-Adleman (RSA) and Advanced Encryption Standard (AES) combination encryption process using USB device. The files may be accessed in the cloud but all the files will remain encrypted till the USB device is plugged into the computer. The point of applying such method is to fully protect the files and avoid using one single password. The randomly generated passkeys are very complex combinations thus user will not be able to fully memorize them. The proposed system will detect the USB that contains the private-key used for the files to be downloaded from the cloud. © 2015 IEEE.
Publication: A review of Client-Side toolbars as a User-Oriented Anti-Phishing solution (Springer Verlag, 2016); Al-Daeef M.M.; Basir N.; Saudi M.M.; Universiti Sains Islam Malaysia (USIM)
Phishing is a cybercrime in which, Internet users are delivered, commonly through emails, to simulated websites where they could be lured to disclose their personal information for attackers’ benefit. Phishing attacks were increased about 60% in the second half of 2013 over what was seen in first half of the same year. Although the number of proposed anti-phishing solutions, phishers still able to bypasses anti-phishing systems, in many cases, through users’ inattention behaviour. Therefore, phishing becomes a layered problem that require addressing issues at both of technical and non-technical (human) layers. Numerous of client-side toolbars were proposed as a technical solution to combat phishing attacks at user’s layer. Anti-phishing toolbars however, still unable to completely protect users from phishing attacks. This paper has reviewed these toolbars to provide a clear understanding about their performance and limitation points. Such a review is required to draw clear directions of future solutions to alleviate these limitations.
Publication: A Review of Web Classifier Approach with Possible Research Direction to Detect Cyber Extremists (Institute of Electrical and Electronics Engineers Inc., 2019); Al-Sukhni H.A.H.; Saudi M.M.; Ahmad A.; Faculty of Science and Technology; Universiti Sains Islam Malaysia (USIM)
The internet is ever expanding and online information is booming, making identification and detection of different web information vitally important, particularly those of dark web or Cyber extremists. Webpages with extremist and terrorist content are believed to be main factors in the radicalization and recruitment of disaffected individuals who might be involved in terrorist activities at home or those who fight alongside terrorist groups abroad. In fact, the sheer volume of online data makes it practically impossible for authorities to carry out the individual examination for every webpage, post or conversational thread that might or might not be relevant to terrorism or contain terrorist sympathies. As terrorists exist within every nation and every religion, hence this paper presents a review and systematic analysis of existing webpages on Cyber Terrorists. This include of existing database of Cyber extremists words and existing techniques of web classifier for keywords. Based on this paper systematic analysis, it will be the input for the formation of a new Cyber extremists WorldNet. © 2019 IEEE.
Publication: A systematic review analysis of root exploitation for mobile botnet detection (Springer Verlag, 2016); Hashim H.A.-B.; Saudi M.M.; Basir N.; Universiti Sains Islam Malaysia (USIM)
Nowadays, mobile botnet has become as one of the most dangerous threats for smartphone. It has the capabilities of committing many criminal activities, such as remote access, Denial of Service (DoS), phishing, spreading malwares, stealing information and building mobile devices for illegitimate exchange of information and it is crucial to have an efficient mobile botnet detection mechanism. Therefore, this research paper presents a systematic review analysis of root exploitation for mobile botnet detection and a proof of concept how the mobile botnet attacks. This proof of concept includes analysis of mobile botnet sample using reverse engineering technique and static analysis. © Springer International Publishing Switzerland 2016.
Publication: A systematic review and analysis of mobile botnet detection for GPS exploitation (American Scientific Publishers, 2017); Yusof M.B.; Saudi M.M.; Ridzuan F.; Islamic Science Institute; Faculty of Science and Technology; Universiti Sains Islam Malaysia (USIM)
Nowadays, mobile botnet is becoming a new threat for smartphone users especially on the Android platform. The rapid growth of smartphones technology becomes a major cause of the increasing number of mobile botnet attacks. Zeus and DroidDream are examples of mobile botnets that affect thousands of users all over the world. These mobile botnets secretly collect device information including SMSs, contacts, GPS locations, and browsing history. Mobile botnets also has the capability to record audio via a compromised device's microphone. Therefore, this paper reviews the existing techniques in mobile botnet detection specifically for GPS exploitation. Based on a comprehensive review and preliminary study carried out in this research, the mechanism on how GPS features are exploited by mobile botnet to attack end users has been identified. © 2017 American Scientific Publishers All rights reserved.
Publication: ABC: Android botnet classification using feature selection and classification algorithms (American Scientific Publishers, 2017); Abdullah Z.; Saudi M.M.; Anuar N.B.; Faculty of Science and Technology; Universiti Sains Islam Malaysia (USIM); Universiti Tun Hussein Onn Malaysia (UTHM); University of Malaya (UM)
Smartphones have become an important part of human lives, and this led to an increase number of smartphone users. However, this also attracts hackers to develop malicious applications especially Android botnet to steal the private information and causing financial losses. Due to the fast modifications in the technologies used by malicious application (app) developers, there is an urgent need for more advanced techniques for Android botnet detection. In this paper, a new approach for Android botnet classification based on features selection and classification algorithms is proposed. The proposed approach uses the permissions requested in the Android app as features, to differentiate between the Android botnet apps and benign apps. The Information Gain algorithm is used to select the most significant permissions, then the classification algorithms Naïve Bayes, Random Forest and J48 used to classify the Android apps as botnet or benign apps. The experimental results show that Random Forest Algorithm achieved the highest detection accuracy of 94.6% with lowest false positive rate of 0.099. © 2017 American Scientific Publishers All rights reserved.
Publication: Agent verification protocol in agent-based IDS (2008); Nasir L.M.; Seman K.; Saudi M.M.; Faculty of Science and Technology; Universiti Sains Islam Malaysia (USIM)
Agent-based IDS is a powerful technique used by network administrator to monitor traffic activities in their network. However, the widespread network coverage has introduced a possibility of a hacker installing unauthorized agents or fake agents secretly within the network. This is considered as a very serious threat to the network security. This paper proposes a protocol that is used to detect the presence of a fake agent upon its installation. The technique is a combination of Elgamal encryption, Elgamal digital signature, and SHA-I message digest function. A simple implementation was developed to test the proposed protocol. © 2008 IEEE. DOI 10.1109/CIT.2008.Workshops.122.
Publication: An efficient data transformation technique for web log (Newswood Limited, 2017); Saudi M.M.; Ridzuan F.; Hashim H.A.-B.; Islamic Science Institute; Faculty of Science and Technology; Universiti Sains Islam Malaysia (USIM)
Growth of data over time especially in term of volume, velocity, value, veracity and variety led to many challenges especially in extracting useful information from it. Furthermore, managing and transforming raw data into a readable format is crucial for subsequent analysis. Therefore, this paper presents a new web server log file classification and an efficient way of transforming raw web log files by using knowledge database discovery (KDD) technique into a readable format for data mining analysis. An experiment was conducted to the raw web log files, in a controlled lab environment, by using KDD technique and k-nearest neighbor (IBk) algorithm. Based on the experiment conducted, the IBk algorithm generates 99.66% for true positive rate (TPR) and 0.34% for false positive rate (FPR) which indicates the significant efficiency of the new web log file classification and data transformation technique used in this paper.
Publication: An efficient network security system through an ontology approach (2008); Azni A.H.; Saudi M.M.; Azman A.; Tamil E.M.; Idris M.Y.I.; Universiti Sains Islam Malaysia (USIM); University of Malaya (UM)
Ontology analysis has been shown to be an effective first step in the construction of robust knowledge based system. Moreover, the popularity of semantic technologies and the semantic web has provided several beneficial opportunities for the modeling and computer security communities of interest. This paper describes the role of ontologies in facilitating network security modeling. It outlines the technical challenges in distributed network security simulation modeling and describes how ontology-based methods may be applied to address these challenges. The paper concludes by describing an ontology-based solution framework for network security simulation modeling and analysis and outlining the benefits of this solution approach. © 2008 IEEE.
Publication: An overview of apoptosis for computer security (2008); Saudi M.M.; Woodward M.; Cullen A.J.; Noor H.M.; Faculty of Science and Technology; Universiti Sains Islam Malaysia (USIM); University of Bradford
Immune system is essential to human body as it protects our bodies from pathogens in an orchestrated manner. From a computational viewpoint, the immune system has much to offer by way of inspiration. Recently, there has been growing interest in the use of natural immune system as inspiration for the creation novel approaches to computational problem. This field of research is referred as Immunological Computation or Artificial Immune System. The use of artificial system computer security is an appealing concept for two reasons. Firstly, the human immune system provides human body with a high level protection from invading pathogens in robust manner. Secondly, current techniques used in computer security are not able to cope with the dynamic and increasingly complex nature of computer systems and their security. This paper introduces the concept of apoptosis for computer security. This term is borrowed from cell biology and designates the programmed cell death. © 2008 IEEE.
Publication: An overview of stakcert framework in confronting worms attack (2009); Saudi M.M.; Cullen A.J.; Woodward M.E.; Hamid H.A.; Abhalim A.H.; University of Bradford; Universiti Sains Islam Malaysia (USIM)
A procedure is one of the most important elements that should be emphasized when handling any incident related with the cyber world. It is easily forgotten by many organizations, IT administrator and users, especially when dealing with the worms attack. Using the incident response methodology as the basis to build up the STAKCERT framework, the researchers have proposed this novel framework which helps to increase the efficiency in handling worm incident, thus facilitate the process of responding to the worm incident. The STAKCERT framework consists of 2 phases where in phase 1, a novel standard operating procedure in worm detection and analysis have been introduced. In phase 2 of the framework, the worm isolation procedure is inspired by apoptosis. Apoptosis is also known as cell programmed death borrowed from the biology term. © 2009 IEEE.
Publication: Analysis of packets abnormalities in wireless sensor network (IEEE Computer Society, 2009); Azni A.H.; Azman A.; Saudi M.M.; Fauzi A.H.; Awang Iskandar D.N.F.; Universiti Sains Islam Malaysia (USIM); Universiti Malaysia Sarawak (UNIMAS)
Wireless Sensor Networks (WSNs) use tiny, inexpensive sensor nodes with several distinguishing characteristics: they have very low processing power and radio ranges, permit very low energy consumption and perform limited and specific monitoring and sensing functions. However, its security becomes an issue because in WSNs, there is virtual communication by passing the data through sensor via internet. Caused of its limited capability, an intruder can attack the communication easier. Furthermore, routing in wireless sensor networks has, to some extent, been reasonably well studied. However, most current research has focused primarily on providing the most energy efficient routing. There is a great need for both secure and energy efficient routing protocols in WSN. Therefore, this project studies about the packets in WSN. To achieve the objectives, this project used AODV routing protocol to analyze the packets abnormalities in WSNs by using simulation technique. To show the differentiations of packets behaviors, the simulations have been conducted on AODV routing protocol under malicious node and without malicious node. It also conducts an analysis of packets behavior on flooding attack. © 2009 IEEE.
Publication: Android botnet features for detection mechanism (American Scientific Publishers, 2017); Hashim H.A.-B.; Saudi M.M.; Basir N.; Islamic Science Institute; Faculty of Science and Technology; Universiti Sains Islam Malaysia (USIM)
Android has dominated the smartphone market share with 82.8% compared to other platforms such as iOS, Windows, Blackberry OS and others in the world. This growth makes the android being most targeted by mobile malwares. There are many ways to infect users with malicious applications such as by uploading the infected apps at the third party store, repackaged application and drive-by-download. This paper presents the commonly and widely used of permissions and APIs by the mobile botnet to exploit the smartphones. Experiment has been conducted in a controlled lab environment and by doing static analysis and reverse engineered the apps source code. The identified permissions and APIs in this experiment are crucial prior forming the mobile botnet detection model. © 2017 American Scientific Publishers All rights reserved.
Publication: Android mobile malware classification using tokenization approach based on system call sequence (Newswood Limited, 2017); Ahmad I.N.; Ridzuan F.; Saudi M.M.; Pitchay S.A.; Basir N.; Nabila N.F.; Faculty of Science and Technology; Universiti Sains Islam Malaysia (USIM)
The increasing number of smartphone over the last few years reflects an impressive growth in the number of advanced malicious applications targeting the smartphone users. Recently, Android has become the most popular operating system opted by users and the most targeted platform for smartphone malware attack. Besides, current mobile malware classification and detection approaches are relatively immature as the new advanced malware exploitation and threats are difficult to be detected. Therefore, an efficient approach is proposed to improve the performance of the mobile malware classification and detection. In this research, a new system call classification with call logs exploitation for mobile attacks has been developed using tokenization approach. The experiment was conducted using static and dynamic-based analysis approach in a controlled lab. System calls with call logs exploitation from 5560 Drebin samples were extracted and further examined. This research paper aims to find the best n value and classifier in classifying the dataset based on the new patterns produced. Naïve Bayes classifier has successfully achieved accuracy of 99.86% which gives the best result among other classifiers. This new system call classification can be used as a guidance and reference for other researchers in the same field for security against mobile malware attacks targeted to call logs exploitation. © Copyright International Association of Engineers.