Recently there has been much interest in moving objects databases because of their applications in many domains, such as location-based services and traffic management. Moving objects databases store and manage information representing changes in the spatial properties of moving objects over time. Meanwhile, privacy protection has been one of the most important concerns in these databases. In this paper, we study this problem by presenting DPLG, a location generalization approach for moving objects databases that preserves the strong guarantee of differential privacy. Our main goal is to guarantee non-uniform privacy for locations with different privacy protection requirements while being scalable for spatial domains with a large number of
An online auction network (OAN) is a community of users who buy or sell items through an auction site. Along with the growing popularity of auction sites, concerns about auction frauds and criminal activities have increased. As a result, fraud detection in OANs has attracted renewed interest from researchers. Since most real OANs are large-scale networks, detecting fraudulent users is usually difficult, especially when multiple users collude with each other and new online auctions are continuously added. Although collusive auction frauds are not as common as other types of auction frauds, they are more damaging and catastrophic because they often cause huge financial losses. To tackle this issue, some techniques have been proposed to detec
Many organizations today use a variety of security and monitoring tools at various levels of defense. These tools often generate heterogeneous alerts and logs when an attack occurs. Because of the large volume and dispersion of these alerts and logs, the manual cross-correlation of them is a time-consuming and labor-intensive task. The main challenge is that heterogeneous alerts and logs generated as a result of an attack stage do not necessarily have common features, or there are no explicit relationships between them that can be used for cross-correlation. In this paper, we overcome this deficiency by presenting HAL-RD, a novel technique that uses resource dependencies to cross-correlate heterogeneous alerts and logs. In this technique, w
Spatial databases are essential to applications in a wide variety of domains. One of the main privacy concerns when answering statistical queries, such as range counting queries, over a spatial database is that an adversary observing changes in query answers may be able to determine whether or not a particular geometric object is present in the database. Differential privacy addresses this concern by guaranteeing that the presence or absence of a geometric object has little effect on query answers. Most of the current differentially private mechanisms for spatial databases ignore the fact that privacy is personal and, thus, provide the same privacy protection for all geometric objects. However, some particular geometric objects may be more
The pervasive use of mobile technologies and GPS-equipped vehicles has resulted in a large number of moving objects databases. Privacy protection is one of the most significant challenges related to moving objects databases because of the legal requirements in many application domains. Over the last few years, several differentially private mechanisms have been proposed for moving objects databases. However, most of them aim to answer statistical queries and do not release a differentially private version of a moving objects database. In this paper, we present DP-MODR, a differentially private (DP) mechanism for synthetic moving objects database release (MODR). DP-MODR tries to efficiently and effectively release synthetic trajectories whil
Malware is continuously evolving and becoming more sophisticated to avoid detection. Traditionally, the Windows operating system has been the most popular target for malware writers because of its dominance in the market of desktop operating systems. However, despite a large volume of new Windows malware samples that are collected daily, there is relatively little research focusing on Windows malware. The Windows Registry, or simply the registry, is very heavily used by programs in Windows, making it a good source for detecting malicious behavior. In this paper, we present RAMD, a novel approach that uses an ensemble classifier consisting of multiple one-class classifiers to detect known and especially unknown malware abusing registry keys
Moving objects databases have become an enabling technology for location-based applications. They mostly focus on the storing and processing of data about moving objects. Privacy protection is one of the most important concerns related to such databases. In recent years, some mechanisms have been proposed to answer statistical queries over moving objects databases, while satisfying differential privacy. However, none of them consider the case where a moving objects database contains non-spatiotemporal sensitive attributes other than spatiotemporal attributes. Besides, most of them do not support the personalized privacy protection requirements of different moving objects. In this paper, we address these problems by presenting PDP-SAG, a dif
Malicious programs, or malware, often use code obfuscation techniques to make static analysis difficult. To deal with this problem, various behavioral detection techniques have been proposed that focus on runtime behavior to distinguish between benign and malicious programs. The majority of them are based on the analysis and modeling of system call traces, which are a common type of audit data often used to describe the interaction between programs and the operating system. However, the techniques are not widely used in practice because of high performance overheads. An alternative approach is to perform behavioral detection at the hardware level. The basic idea is to use information that is accessible through hardware performa
Malware, short for malicious software, is a general collective term for any program that gains access to a system without the knowledge of the owner and fulfills the malicious intent of an attacker. Over the past few years, various techniques have been proposed that focus on the run-time behavior of programs in order to dynamically detect malware. Most of the techniques rely on the analysis of system call traces provided by the underlying operating system. An alternative and promising approach is to perform malware detection at the hardware level. In this paper, we pursue this line of research by presenting Akoman, a novel technique that uses hardware events in current modern processors to build behavioral models of malware. Akoman follows
The ubiquity of location-aware mobile devices and information systems has made it possible to collect large amounts of movement data such as trajectories of moving objects. However, such data must be carefully managed to ensure that the privacy of each moving object or sensitive location is guaranteed. In this paper, we investigate how different locations of a geographical map can meet their individual privacy protection requirements using differential privacy (DP). More specifically, we aim to guarantee that the inclusion of any trajectory data record in a trajectory database does not substantially increase the risk to its privacy, while ensuring the required level of privacy protection for each location. To achieve this, we introduce the concept
An online social network (OSN) is a social structure made up of a set of users who are interested in communicating with each other in an online environment in order to share information. Social networking services (SNSs) are web-based platforms for building OSNs. SNSs are increasingly threatened by social bots, which are fake or compromised user accounts with malicious intent that mimic the behavior of legitimate users to evade detection. A social botnet refers to a group of social bots under the control of a single botmaster, which collaborate to conduct the same malicious activities. Using social botnets, spammers are now able to flood news and political websites with tens of thousands of comments. In recent years, there has been a growing
Differential privacy is a technique for releasing statistical information about a database without revealing information about its individual data records. Also, a personalized-location trajectory database is a trajectory database where locations have different privacy protection requirements and, thus, are privacy conscious. This data article is related to the research article entitled “PLDP-TD: Personalized-location differentially private data analysis on trajectory databases” (Deldar and Abadi, 2018 [1]), in which we introduced a new differential privacy notion for personalized-location trajectory databases, and devised a novel differentially private algorithm, called PLDP-TD, to implement this new privacy notion. Here, we describe h
Over the past few years, botnets have emerged as one of the most serious cybersecurity threats faced by individuals and organizations. After infecting millions of servers and workstations worldwide, botmasters have started to develop botnets for mobile devices. Mobile botnets use different mediums to communicate with their botmasters. Although significant research has been done to detect mobile botnets that use the Internet as their command and control (C&C) channel, little research has investigated SMS botnets per se. In order to fill this gap, in this paper, we first divide SMS botnets based on their characteristics into three families, namely, info stealer, SMS stealer, and SMS spammer. Then, we propose SMSBotHunter, a novel anomaly dete
Online auctions have become very popular over the last few years. This popularity is evidenced by the explosive growth of online auction sites with millions of users buying and selling goods from all over the world. However, this rapid growth of online auctions has also led to a corresponding increase in online frauds. While collusive auction frauds are not as common as other types of online frauds, they are more dangerous because they are more difficult to detect and often result in larger financial losses. In recent years, a number of techniques have been proposed to detect collusive frauds in online auction networks. While all the techniques have shown promising results, they often suffer from slow convergence or low detection performanc
Due to the significant increase in the popularity and usage of Android mobile devices, the number of malware targeting such devices has also increased dramatically. To confront Android malware, several anomaly detection techniques have been proposed that are able to detect zero-day malware, but they often produce many false alarms that make them impractical for real-world use. In this paper, we address this problem by presenting AMD-EC, an entropy-based anomaly detection technique that uses an ensemble classifier consisting of multiple one-class classifiers to detect Android malware. Our work is motivated by the observation that combining multiple classifiers often produces higher overall classification accuracy than any individual classif
During the past few years, the number of malware designed for Android devices has increased dramatically. To confront Android malware, some anomaly detection techniques have been proposed that are able to detect zero-day malware, but they often produce many false alarms that make them impractical for real-world use. In this paper, we address this problem by presenting DroidNMD, an ensemble-based anomaly detection technique that focuses on the network behavior of Android applications in order to detect Android malware. DroidNMD constructs an ensemble classifier consisting of multiple heterogeneous one-class classifiers and uses an ordered weighted averaging (OWA) operator to aggregate the outputs of the one-class classifiers. Our work i
Trajectory data often provide useful information that can be used in real-life applications, such as traffic management, Geo-marketing, and location-based advertising. However, a trajectory database may contain detailed information about moving objects and associate them with sensitive attributes, such as disease, job, and income. Therefore, improper publishing of the trajectory database can put the privacy of moving objects at risk, especially when an adversary uses partial trajectory information as its background knowledge. The existing approaches for privacy preservation in trajectory data publishing provide the same privacy protection for all moving objects. The consequence is that some moving objects may be offered insufficient privacy
Along with the significant increase in the popularity of Android mobile devices, the number of malicious applications running on them has also increased dramatically in the recent past. In this paper, we propose DroidMalHunter, a novel entropy-based anomaly detection system to detect meaningful deviations in the network behavior of Android applications. Our system is based on the observation that there is often low complexity in the traffic patterns of malicious applications, resulting in a high regularity in their observed network behavior that can be quantified by entropy measures. Exploiting this observation, we investigate the use of two popular entropy measures, namely sample entropy and modified sample entropy, in detecting malicious
In recent years, web-based attacks have made up a substantial portion of all security attacks because web-based vulnerabilities are so common and so easy to exploit. To counter these attacks, many anomaly detection systems have been proposed that are able to detect both known and unknown attacks launched against web-based applications. However, most of them suffer from a large number of false alarms. In this paper, we address this problem by presenting OC-WAD, a novel approach to construct an ensemble of one-class SVM classifiers for anomaly detection in web traffic. OC-WAD uses a novel binary artificial bee colony algorithm, called BeeSnips, to prune the initial ensemble of one-class SVM classifiers and to find a near-optimal sub-ensemble.
JavaScript code obfuscation has become a major technique used by malware writers to evade static analysis techniques. Over the past years, a number of dynamic analysis techniques have been proposed to detect obfuscated malicious JavaScript code at runtime. However, because of their runtime overheads, these techniques are slow and thus not widely used in practice. On the other hand, since a large quantity of benign JavaScript code is obfuscated to protect intellectual property, it is not effective to use the intrinsic features of obfuscated JavaScript code for static analysis purposes. Therefore, we are forced to distinguish between obfuscated and non-obfuscated JavaScript code so that we can devise an efficient and effective analysis techni