IJCSIS Papers by Iman Almomani
Multimedia streaming sessions in general and Voice over Internet Protocol (VoIP) calls in specifi... more Multimedia streaming sessions in general and Voice over Internet Protocol (VoIP) calls in specific are more vulnerable to security attacks than traditional telephone calls due to the vulnerability of the IP network itself. Currently, there is a great interest in securing VoIP calls especially after many recent leaks and eavesdropping cases. The most common security enforcer applied to achieve confidentiality is encryption. Applying encryption techniques to VoIP traffic should take into consideration strict delay requirement for real-time traffic. Also, the type of speech coder has also implications as different speech coders have different accumulation and algorithmic delays. Encryption techniques could be used before or after speech coding. In this paper, several experiments have been conducted to assess the effect of encryption, speech coding and packet loss on speech quality. Perceptual Evaluation of Speech Quality (PESQ) as a speech-specific quality evaluation technique is used in this paper, then it will be mapped to the most common metric in opinion rating; Mean Opinion Score (MOS) values to test the quality of the received voice stream.
Papers by Iman Almomani
Ransomware attack is posting a serious threat against Android devices and stored data that could ... more Ransomware attack is posting a serious threat against Android devices and stored data that could be locked or/and encrypted by such attack. Existing solutions attempt to detect and prevent such attack by studying different features and applying various analysis mechanisms including static, dynamic or both. In this paper, recent ransomware detection solutions were investigated and compared. Moreover, a deep analysis of android permissions was conducted to identify significant android permissions that can discriminate ransomware with high accuracy before harming users' devices. Consequently, based on the outcome of this analysis, a permissions-based ransomware detection system is proposed. Different classifiers were tested to build the prediction model of this detection system. After the evaluation of the ransomware detection service, the results revealed high detection rate that reached 96.9%. Additionally, the newly permission-based android dataset constructed in this research will be made available to researchers and developers for future work.
WMANETs are more popular and successful in the marketplace of the future wireless technology as i... more WMANETs are more popular and successful in the marketplace of the future wireless technology as indicated by the increasing usage of Bluetooth and Wireless Local Area Networks (WLANs). To aid the application of WMANETs in any wireless environment, when required, and to achieve the services demanded by the user, we need to define WMANETs as a whole object with clear syntax and semantics. In this paper we propose an Architectural Framework for WMANETs (AF WMANETs) that can be applied to WMANETs in different network environments, for example cellular systems, smart homes or smart offices. The proposed architecture presents a full description for WMANETs from three different viewpoints: Enterprise, Information, and Computational. This description improves the understanding of WMANETs properties, requirements and needs. The current challenges that face WMANETs such as: routing, security, scalability, Quality of Service (QoS), and so on can thus be easily defined and their solution can be realized. This paper provides an example of using the AF WMANETs to build a comprehensive, top-down, end-to-end security solution for WMANETs.
World Academy of Science, Engineering and Technology, International Journal of Computer and Information Engineering, Sep 25, 2015
Advances in intelligent systems and computing, 2018
Recently, with the purpose of helping developers reduce the needed effort to build highly secure ... more Recently, with the purpose of helping developers reduce the needed effort to build highly secure software, researchers have proposed a number of vulnerable source code prediction models that are built on different kinds of features. Identifying security vulnerabilities along with differentiating non-vulnerable from a vulnerable code is not an easy task. Commonly, security vulnerabilities remain dormant until they are exploited. Software metrics have been widely used to predict and indicate several quality characteristics about software, but the question at hand is whether they can recognize vulnerable code from non-vulnerable ones. In this work, we conduct a study on static code metrics, their interdependency, and their relationship with security vulnerabilities in Android applications. The aim of the study is to understand: (i) the correlation between static software metrics; (ii) the ability of these metrics to predict security vulnerabilities, and (iii) which are the most informative and discriminative metrics that allow identifying vulnerable units of code.
Hereditary haemochromatosis (HH) is an autosomal recessive disease, where HFE C282Y homozygosity ... more Hereditary haemochromatosis (HH) is an autosomal recessive disease, where HFE C282Y homozygosity accounts for 80-85% of clinical cases among the Caucasian population. HH is characterised by the accumulation of iron, which, if untreated, can lead to the development of liver cirrhosis and liver cancer. Since iron overload is preventable and treatable if diagnosed early, high-risk individuals can be identified through effective screening employing artificial intelligencebased approaches. However, such tools expose novel challenges associated with the handling and integration of large heterogeneous datasets. We have developed an efficient computational model to screen individuals for HH using the family study data of the Hemochromatosis and Iron Overload Screening (HEIRS) cohort. This dataset, consisting of 254 cases and 701 controls, contains variables extracted from questionnaires and laboratory blood tests. The final model was trained on an extreme gradient boosting classifier using the most relevant risk factors: HFE C282Y homozygosity, age, mean corpuscular volume, iron level, serum ferritin level, transferrin saturation, and unsaturated iron-binding capacity. Hyperparameter optimisation was carried out with multiple runs, resulting in 0.94 ± 0.02 area under the receiving operating characteristic curve (AUCROC) for tenfold stratified cross-validation, demonstrating its outperformance when compared to the iron overload screening (IRON) tool. Iron overload is characterised by the accumulation of iron in the body, and the primary cause for this condition is hereditary haemochromatosis (HH). HH is an autosomal recessive genetic disease associated with the C282Y homozygosity in HFE gene, accounting for 80-85% of HH cases in the Caucasian population 1. This condition is characterized by increased iron absorption rates, and leads to the accumulation of iron (iron overload), mainly in the liver, heart and endocrine glands 2. If left untreated, the iron overload leads to the development of liver cirrhosis and liver cancer, decreasing life expectancy 3. These complications can be prevented by phlebotomy therapy if diagnosis is made before any organ damage occurs. Thus, it is of utmost importance to identify individuals at risk of iron overload in order to maximise on early prevention and/or early intervention measures 4 , reduce treatment costs and improve HH individuals' life expectancy. Commonly, high risk individuals can be identified based on their family health history, clinical biomarkers, and monogenic risk or on polygenic risk scores. Even though different sources of data can be used to estimate disease-specific risk, most common risk assessment models rely only on one specific type of data. For example, family health history is widely integrated in the risk assessment of common chronic diseases, and it has been shown that an individual's risk is proportional to the number of relatives affected by the disease 5. While for some diseases, such as hereditary breast and ovarian cancer, the risk can be assessed solely on family health history, for others, such as HH, risk assessment tools also integrate clinical and demographic information 5. Multiple HFE-associated HH cohorts, such as the Hemochromatosis and Iron Overload Screening (HEIRS) 3 , HealthIron 6 , Southern French registry 7 , have been investigated to identify the genetic and environmental modifiers of iron-overload phenotypes, as well as the HH clinical prevalence and genotype penetrance. Among those, the largest available cohort is the HEIRS cohort, where more than 100,000 individuals were enrolled in the United States and in Canada. Multiple studies have extensively investigated the HEIRS cohort, and key insights were reviewed in McLaren and Gordeuk (2009). In addition, data from the HEIRS subpopulations have influenced the development of a model enabling the identification of HFE C282Y homozygous in Caucasians 8 , and has been
IEEE Access, 2020
Android is one of the most essential and highly used operating systems. Android permissions syste... more Android is one of the most essential and highly used operating systems. Android permissions system is a core security component that offers an access-control mechanism to protect system resources and users' privacy. As such, it has experienced continuous change over each Android release. However, previous research on the permissions system has employed static analysis techniques. Furthermore, most of these studies are outdated, covering older versions of Android. This paper aims to discuss the permissions system intensively to provide a nutshell overview of the Android platform's access-control mechanism. The paper presents a comprehensive analysis of the Android permissions system since it was introduced in 2008 until now, accompanied by a formal model of its components. The results of the analysis reveal a continuous growth in the number of permissions since the original release-a growth of seven times in some permission categories. A case study has been conducted for the last five years' versions of the top Android apps to examine the permissions system's evolution and its attendant security issues from the applications' perspective. Some apps showed an increase in permissions usage of 73.33% by the 2020 release. Additionally, the results of the case study contribute to the understanding of permissions deployment by both vendors and developers. Finally, a discussion of the permission-based security enhancements discloses that the Android permissions system faces various security issues. In general, this paper provides researchers and academics an up-to-date, comprehensive, self-contained reference study of the Android permissions system.
Android Operating System becomes a major target for malicious attacks. Static analysis approach i... more Android Operating System becomes a major target for malicious attacks. Static analysis approach is widely used to detect malicious applications. Most of existing studies on static analysis frameworks are limited to certain features. This paper presents an Android Static Analysis Framework (ASAF) which models the overall static analysis phases and approaches for Android applications. ASAF can be implemented for different purposes including Android malicious apps detection. The proposed framework utilizes a parsing tool, Android Static Parse (ASParse) which is also introduced in this paper. Through the extendibility of the ASParse tool, future research studies can easily extend the parsed features and the parsed files to perform parsing based on their specific requirements and goals. Moreover, a case study is conducted to illustrate the implementation of the proposed ASAF.
Computer systems science and engineering, 2023
This paper presents a robust multi-stage security solution based on fusion, encryption, and water... more This paper presents a robust multi-stage security solution based on fusion, encryption, and watermarking processes to transmit color healthcare images, efficiently. The presented solution depends on the features of discrete cosine transform (DCT), lifting wavelet transform (LWT), and singular value decomposition (SVD). The primary objective of this proposed solution is to ensure robustness for the color medical watermarked images against transmission attacks. During watermark embedding, the host color medical image is transformed into four sub-bands by employing three stages of LWT. The resulting low-frequency sub-band is then transformed by employing three stages of DCT followed by SVD operation. Furthermore, a fusion process is used for combining different watermarks into a single watermark image. This single fused image is then ciphered using Deoxyribose Nucleic Acid (DNA) encryption to strengthen the security. Then, the DNA-ciphered fused watermark is embedded in the host medical image by applying the suggested watermarking technique to obtain the watermarked image. The main contribution of this work is embedding multiple watermarks to prevent identity theft. In the presence of different multimedia attacks, several simulation tests on different color medical images have been performed. The results prove that the proposed security solution achieves a decent imperceptibility quality with high Peak Signal-to-Noise Ratio (PSNR) values and high correlation between the extracted and original watermark images. Moreover, the watermark image extraction process succeeds in achieving high efficiency in the presence of attacks compared with related works.
Sensors, Mar 16, 2022
This article is an open access article distributed under the terms and conditions of the Creative... more This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY
Sensors, May 4, 2023
This article is an open access article distributed under the terms and conditions of the Creative... more This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY
The booming of Android technology makes Android users and their devices with all running applicat... more The booming of Android technology makes Android users and their devices with all running applications targeted by many security attackers. These attackers intent to inject malicious software in these applications to obtain the user’s data for several purposes. Nowadays, Android users are keen to install clean apps in their devices. At the same time, security solutions have been proposed to detect malware apps. This paper presents a general framework for Android applications scanning process. The aim is to guide researchers and developers to the main phases/steps required to analyze Android applications, check their trustworthiness and protect Android users from being victims to serious malware attacks. Moreover, this research highlights the metrics, tools, mechanisms and datasets that are mostly used throughout the scanning process.
Computer Systems Science and Engineering
This paper presents a robust multi-stage security solution based on fusion, encryption, and water... more This paper presents a robust multi-stage security solution based on fusion, encryption, and watermarking processes to transmit color healthcare images, efficiently. The presented solution depends on the features of discrete cosine transform (DCT), lifting wavelet transform (LWT), and singular value decomposition (SVD). The primary objective of this proposed solution is to ensure robustness for the color medical watermarked images against transmission attacks. During watermark embedding, the host color medical image is transformed into four sub-bands by employing three stages of LWT. The resulting low-frequency sub-band is then transformed by employing three stages of DCT followed by SVD operation. Furthermore, a fusion process is used for combining different watermarks into a single watermark image. This single fused image is then ciphered using Deoxyribose Nucleic Acid (DNA) encryption to strengthen the security. Then, the DNA-ciphered fused watermark is embedded in the host medical image by applying the suggested watermarking technique to obtain the watermarked image. The main contribution of this work is embedding multiple watermarks to prevent identity theft. In the presence of different multimedia attacks, several simulation tests on different color medical images have been performed. The results prove that the proposed security solution achieves a decent imperceptibility quality with high Peak Signal-to-Noise Ratio (PSNR) values and high correlation between the extracted and original watermark images. Moreover, the watermark image extraction process succeeds in achieving high efficiency in the presence of attacks compared with related works.
Applied Sciences
Cybersecurity attacks are still causing significant threats to individuals and organizations, aff... more Cybersecurity attacks are still causing significant threats to individuals and organizations, affecting almost all aspects of life. Therefore, many countries worldwide try to overcome this by introducing and applying cybersecurity regularity frameworks to maintain organizations’ information and digital resources. Saudi Arabia has taken practical steps in this direction by developing the essential cybersecurity control (ECC) as a national cybersecurity regulation reference. Generally, the compliance assessment processes of different international cybersecurity standards and controls (ISO2700x, PCI, and NIST) are generic for all organizations with different scopes, business functionality, and criticality level, where the overall compliance score is absent with no consideration of the security control risk. Therefore, to address all of these shortcomings, this research takes the ECC as a baseline to build a comprehensive and customized risk-based cybersecurity compliance assessment sys...
IEEE Access
Jamming is a terrifying attack that could harm 802.11p-based vehicular communications by occupyin... more Jamming is a terrifying attack that could harm 802.11p-based vehicular communications by occupying the communication channels by overwhelming the network with jamming packets, especially for self-driving cars, as it is essential to send/receive messages without any interruptions to control the vehicles remotely. In wireless vehicular ad hoc networks (VANET), the attacker's mission is more accessible due to the network's open nature, way of communication, and lack of security measures. Most of the existing studies have focused on jamming detection approaches. However, few of them have addressed the jammer localization challenge. Moreover, even in these limited studies, the solutions' assumptions, the proposed countermeasures, and their complexity were also missing. Therefore, this paper introduces a new approach to detecting, localizing, and avoiding jamming attacks in VANETs with high efficiency in terms of accuracy, implementation and complexity. The proposed approach uses the signal strength of the jammer for estimating only the distance between jammer and receiver, while then a less complex algorithm is proposed for localizing the jammer and then redirecting the vehicles away from the roads the attacker is using. This approach was simulated using real-life maps and specialized network environments. Additionally, the performance of the new approach was evaluated using different metrics. These evaluation metrics include (1) the estimated position of the jammer, (2) the handling of the jammer by announcing its location to normal vehicles (3) the avoidance of the jammed routes by increasing their weight, which forces the cars to reroute and evade the jamming area. The high localization accuracy, measured by the Euclidean distance, and the successful communication of the attacker's position and its avoidance have highly increased the packet delivery ratio (PDR) and the signal-to-interference-plus-noise ratio (SINR). This was noticed significantly before and after avoiding the jamming area when for example, the PDR increased from 0% to 100% before and after bypassing the jammer's routes.
Computers, Materials & Continua
Nowadays, there is tremendous growth in biometric authentication and cybersecurity applications. ... more Nowadays, there is tremendous growth in biometric authentication and cybersecurity applications. Thus, the efficient way of storing and securing personal biometric patterns is mandatory in most governmental and private sectors. Therefore, designing and implementing robust security algorithms for users' biometrics is still a hot research area to be investigated. This work presents a powerful biometric security system (BSS) to protect different biometric modalities such as faces, iris, and fingerprints. The proposed BSS model is based on hybridizing auto-encoder (AE) network and a chaos-based ciphering algorithm to cipher the details of the stored biometric patterns and ensures their secrecy. The employed AE network is unsupervised deep learning (DL) structure used in the proposed BSS model to extract main biometric features. These obtained features are utilized to generate two random chaos matrices. The first random chaos matrix is used to permute the pixels of biometric images. In contrast, the second random matrix is used to further cipher and confuse the resulting permuted biometric pixels using a two-dimensional (2D) chaotic logistic map (CLM) algorithm. To assess the efficiency of the proposed BSS, (1) different standardized color and grayscale images of the examined fingerprint, faces, and iris biometrics were used (2) comprehensive security and recognition evaluation metrics were measured. The assessment results have proven the authentication and robustness superiority of the proposed BSS model compared to other existing BSS models. For example, the proposed BSS succeeds in getting a high area under the receiver operating characteristic (AROC) value that reached 99.97% and low rates of 0.00137, 0.00148, and 3516 CMC, 2023, vol.74, no.2 0.00157 for equal error rate (EER), false reject rate (FRR), and a false accept rate (FAR), respectively.
Multimedia Tools and Applications
Uploads
IJCSIS Papers by Iman Almomani
Papers by Iman Almomani