Visible to the public Biblio

Filters: Author is Derhab, Abdelouahid  [Clear All Filters]
2020-01-27
Benmalek, Mourad, Challal, Yacine, Derhab, Abdelouahid.  2019.  An Improved Key Graph Based Key Management Scheme for Smart Grid AMI Systems. 2019 IEEE Wireless Communications and Networking Conference (WCNC). :1–6.

In this paper, we focus on versatile and scalable key management for Advanced Metering Infrastructure (AMI) in Smart Grid (SG). We show that a recently proposed key graph based scheme for AMI systems (VerSAMI) suffers from efficiency flaws in its broadcast key management protocol. Then, we propose a new key management scheme (iVerSAMI) by modifying VerSAMI's key graph structure and proposing a new broadcast key update process. We analyze security and performance of the proposed broadcast key management in details to show that iVerSAMI is secure and efficient in terms of storage and communication overheads.

2017-03-20
Karbab, ElMouatez Billah, Debbabi, Mourad, Derhab, Abdelouahid, Mouheb, Djedjiga.  2016.  Cypider: Building Community-based Cyber-defense Infrastructure for Android Malware Detection. Proceedings of the 32Nd Annual Conference on Computer Security Applications. :348–362.

The popularity of Android OS has dramatically increased malware apps targeting this mobile OS. The daily amount of malware has overwhelmed the detection process. This fact has motivated the need for developing malware detection and family attribution solutions with the least manual intervention. In response, we propose Cypider framework, a set of techniques and tools aiming to perform a systematic detection of mobile malware by building an efficient and scalable similarity network infrastructure of malicious apps. Our detection method is based on a novel concept, namely malicious community, in which we consider, for a given family, the instances that share common features. Under this concept, we assume that multiple similar Android apps with different authors are most likely to be malicious. Cypider leverages this assumption for the detection of variants of known malware families and zero-day malware. It is important to mention that Cypider does not rely on signature-based or learning-based patterns. Alternatively, it applies community detection algorithms on the similarity network, which extracts sub-graphs considered as suspicious and most likely malicious communities. Furthermore, we propose a novel fingerprinting technique, namely community fingerprint, based on a learning model for each malicious community. Cypider shows excellent results by detecting about 50% of the malware dataset in one detection iteration. Besides, the preliminary results of the community fingerprint are promising as we achieved 87% of the detection.