Publications
Refereed Papers
Fraudulent and Malicious Sites on the Web
A. Obied and R. Alhajj
Journal of Applied Intelligence, Volume 30, Number 2, Pages 112-120, Springer.
April 2009.
Fraudulent and malicious web sites pose a significant
threat to desktop security, integrity, and privacy. This
paper examines the threat from different perspectives. We
harvested URLs linking to web sites from different sources
and corpora, and conducted a study to examine these URLs
in depth. For each URL, we extract its domain name, determine
its frequency, IP address and geographic location, and
check if the web site is accessible. Using 3 search engines
(Google, Yahoo!, and Windows Live), we check if the domain
name appears in the search results; and using McAfee
SiteAdvisor, we determine the domain name’s safety rating.
Our study shows that users can encounter URLs pointing
to fraudulent and malicious web sites not only in spam and
phishing messages but in legitimate email messages and the
top search results returned by search engines. To provide
better countermeasures against these threats, we present a
proxy-based approach to dynamically block access to fraudulent
and malicious web sites based on the safety ratings set
by McAfee SiteAdvisor.
Theses
Collection and Analysis of Web-based Exploits and Malware
A. Obied
M.Sc. Thesis. Department of Computer Science, University of Calgary.
September 2008.
Malicious software in the form of worms, Trojan horses, spyware, and bots has
become an effective tool for financial gain. To effectively infect the computers of
unsuspecting users with malware, attackers use malicious Web pages. When a user
views a malicious Web page using a Web browser, the malicious Web page delivers a
Web-based exploit that targets browser vulnerabilities. Successful exploitation of a
browser vulnerability can lead to an automatic download and execution of malware
on the victim's computer.
This thesis presents a honeypot that uses Internet Explorer as bait to identify
malicious Web pages, which successfully download and execute malware via Web-based
exploits. When the honeypot instructs Internet Explorer to visit a Web page,
the honeypot monitors and records process and file creation activities of Internet
Explorer and processes spawned by Internet Explorer. The recorded activities are
analyzed to find deviations from normal behavior, which indicate successful exploitation.
The Web-based exploits delivered by the malicious Web pages and the malware
downloaded by the exploits are automatically collected by the honeypot after successful
exploitations. Additionally, the honeypot constructs an analysis graph to find
relationships between different malicious Web pages and identify the Web pages that
download the same malware.
This thesis also presents an analysis of data collected by the honeypot after
processing 33,811 URLs collected from three data sets. Observations and case studies
are presented to provide insights about Web-based exploits and malware, malicious
Web pages, and the techniques used by attackers to deliver and obfuscate the exploits.
An Analysis of Network Attacks and their Countermeasures
A. Obied
B.Sc. Honours Thesis. Department of Computer Science, University of Calgary.
April 2005.
Malicious attacks are getting smarter, more widespread and increasingly difficult to
detect, and dozens more are added to the menagerie each day. Identifying and classifying
the type of malicious program spreading across global networks is a crucial step in
developing strategies to contain and eradicate it. This paper describes the most common
attacks used these days to paralyze computer and network resources. It provides
network traces of malicious traffic and strategies for providing better countermeasures.
Data sets captured at the University of Calgary are analyzed to classify intrusion attempts
and identify security holes in the University’s network.
Non-Refereed Papers
Bayesian Spam Filtering
A. Obied
Department of Computer Science, University of Calgary.
April 2007.
With the enormous amount of spam messages propagating on
the Internet these days, anti-spam researchers and developers are trying
to build spam filters to get rid of such unsolicited messages as accurately
as possible. In this paper, I describe a machine learning approach based
on Bayesian analysis to filter spam. The filter learns what spam and non-spam
messages look like, and is capable of making a binary classification
decision (spam or non-spam) whenever a new email message is presented
to it. The evaluation of the filter showed its ability to make decisions with
high accuracy (96.24% in the worst case and 99.66% in the best case).
Honeypots and Spam
A. Obied
Department of Computer Science, University of Calgary.
December 2006.
Honeypots are closely monitored computing resources
that can provide early warning about new vulnerabilities
and exploitation techniques, distract attackers from valuable
computer systems, or allow in-depth examination
of attackers during and after exploitation of a honeypot.
Extensive research into honeypot technologies has been
done in the past several years to provide better countermeasures
against malicious attacks and track attackers.
This paper describes honeypots in depth and discusses
how honeypots can be used to fight spam and spammers
effectively.
Secure Email with Fingerprint Recognition
A. Obied
Department of Computer Science, University of Calgary.
December 2006.
Public key cryptographic techniques have been used to protect
email messages via encryption and digital signatures for more than
26 years. Such techniques, however, failed to adopt secure email messaging
due to a combination of technical, social, and usability issues. We
present a new approach to email security that uses fingerprint recognition
and cryptographic hash functions to secure access to email accounts and
messages, and to sign and verify email messages. Our approach does not
require doing expensive computations to verify a user’s signature as opposed
to public key cryptographically protected email. We keep the amount
of user interaction required to the minimum, and provide email users
with security features that include state-of-the-art biometric authentication
schemes.
How to Attack Biometric Systems in Your Spare Time
A. Obied
Department of Computer Science, University of Calgary.
November 2006.
Biometric systems were proposed and developed to provide
a better and stronger factor of authentication. Such
systems authenticate individuals based on physical and
behavioral traits such as fingerprints, iris, face, palm
print, hand geometry, voice, etc. The use of biometric
traits to replace existing passwords or as access keys
has proven to be highly secure against physical attacks.
It is a fact that malicious attacks are getting smarter,
more widespread and increasingly difficult to detect,
and dozens more are added to the menagerie each day.
Attacking biometric systems physically is quite difficult
indeed. However, by mounting digital attacks one can
see how biometric systems are vulnerable. We discuss
the different types of software and hardware vulnerabilities
that exist in biometric systems, and show how
biometric template security can be compromised. We
present a new attack point at the application level that
has not been addressed and discussed in previous work.
We also describe how biometric cryptosystems can overcome
some of the disadvantages in traditional biometric
recognition systems, and show how such systems can be
used effectively in Digital Rights Management (DRM)
systems.
Broadcast Encryption
A. Obied
Department of Computer Science, University of Calgary.
April 2005.
Broadcast encryption is an interesting application of cryptography which allows one
to broadcast a secret to a changing group of intended recipients in such a way that
no one outside this group can view the secret. Interest in using broadcast encryption
techniques has grown considerably in recent years and such techniques have been integrated
in many applications and technologies such as virtual private networks, cable
TV networks, mobile and wireless networks and many more. This report describes
broadcast encryption in depth along with the related techniques, threats, protocols and
applications.