Tarek Abbes

Followers

Following

Co-author

Public Views

Andrej Dujella

University of Zagreb

Hemin Koyi

Uppsala University

Jana Javornik

University of East London

Graham Martin

University of Leicester

Gwen Robbins Schug

University of North Carolina at Greensboro

Gabriel Gutierrez-Alonso

University of Salamanca

John Sutton

Macquarie University

Eros Carvalho

Universidade Federal do Rio Grande do Sul

Kevin Arbuckle

Swansea University

Jesper Hoffmeyer

University of Copenhagen

Uploads

Papers by Tarek Abbes

The Passport: A Single-Node Authentication System for Heterogeneous Voice-Controlled IoT Networks

Privacy‐preserving hands‐free voice authentication leveraging edge technology

Security and privacy, Dec 16, 2022

Security Implications of Network Address Translation on Intrusion Detection and Prevention Systems

Network address translation (NAT) is a technology that allows multiple computers on a LAN to shar... more Network address translation (NAT) is a technology that allows multiple computers on a LAN to share a single public IP address for accessing the Internet. Without it, the IPv4 protocol&amp;amp;amp;amp;amp;amp;#39;s limited number of available addresses would be pushed to its limits. However, NAT poses a big problem for security and especially for networks protected by intrusion detection systems (IDS) and

Trusted intrusion detection architecture for high-speed networks based on traffic classification, load balancing and high availability mechanism

Security and Communication Networks, Mar 24, 2011

During this time when Internet provides essential communication between an infinite number of peo... more During this time when Internet provides essential communication between an infinite number of people and is being increasingly used as a tool for commerce, security becomes a tremendously important issue to deal with. However, traditional widely used security methods such as firewalls, cryptography and intrusion detection systems (IDSs) have been unable to provide an effective security mechanism for defending high‐speed networks. In fact, nowadays high‐speed networks are very popular; they play an increasingly important role in the domain of information technology, they provide us with a lot of advantages, but they present a big problem for security tools; as networks are becoming faster there is an emerging need for security analysis techniques that keep up with the increased network throughput. In this paper, we are interested in the network intrusion detection systems (NIDSs). In fact, existing NIDSs can barely keep up with bandwidths of some hundred Mbps, whereas nowadays, the network speed presses forward 10 Gbps. So, in order to protect such installations, we propose a new approach presenting trusted intrusion detection architecture for high‐speed networks. The approach aims at accelerating the intrusion detection operation and it is based on three main steps: traffic classification, load balancing and high availability mechanism. This paper describes the above‐mentioned approaches and presents an experimental evaluation of their effectiveness. Copyright © 2010 John Wiley &amp; Sons, Ltd.

Risk Management for Spam over IP Telephony using Combined Countermeasures

Voice over IP (VoIP) is a very attractive technology. It is increasingly adopted by enterprises a... more Voice over IP (VoIP) is a very attractive technology. It is increasingly adopted by enterprises and consumers. VoIP inherits adjacent security issues to IP networks to which are added new specific problems. Spam over IP telephony (SPIT) is expected to become one of the VoIP problems. To resolve it, many anti-SPIT mechanisms are proposed but there are still limited in some cases. Indeed, these mechanisms can deteriorate the performances of the telephony service in terms of availability and quality of service. Thus, Risk management offers new perspectives regarding this dilemma. We adopt in this paper a risk management strategy to protect a VoIP infrastructure. To treat the risk, we employ in the first phase a set of combined countermeasures. In addition, we apply a known metric called "Return On Response Investment" (RORI) to provide the most optimal combination that reduces the risk without sacrificing the functionality of the system. The efficacy of our solution is demonstrated through a set of experimental results.

Risk management for spam over IP telephony using optimal countermeasure

Over the last decade, Voice over IP Telephony (VoIP) has become very popular. It is rapidly adopt... more Over the last decade, Voice over IP Telephony (VoIP) has become very popular. It is rapidly adopted by consumers and enterprises. With the increase of VoIP applications, VoIP threats appear and become more and more a problem. Spam over IP telephony (SPIT) is expected to become one of the VoIP problem. This kind of spam is appreciated by spammers due to its effectiveness and low cost. Many anti-SPIT solutions are applied to resolve this problem but there are still limited in some cases. Indeed, these protection mechanisms can have a negative impact on the performances of the telephony service in terms of availability and quality of service. Thus, Risk management offers new perspectives regarding this dilemma. We adopt in this paper a risk management strategy to protect a VoIP infrastructure. To treat the risk, we employ a known metric called “Return On Response Investment” (RORI) to provide the most optimal countermeasure that reduces the risk without sacrificing the functionality of the system. The benefits of our solution are evaluated through an extensive set of experimental results.

Ensuring security in depth based on heterogeneous network security technologies

International Journal of Information Security, Mar 24, 2009

With the explosive growth of Internet connectivity that includes not only end-hosts but also perv... more With the explosive growth of Internet connectivity that includes not only end-hosts but also pervasive devices, security becomes a requirement for enterprises. Although a significant effort has been made by the research community to develop defense techniques against security attacks, less focus has been given to manage security configuration efficiently. Network security devices, such as firewalls, intrusion detection and prevention systems, honeypot as well as vulnerability scanner, operate as a stand-alone system for solving a particular security problem. Yet these devices are not necessarily independent. The focus of this work is encompassing a security infrastructure where multiple security devices form a global security layer. Each component is defined with respect to the others and interacts dynamically and automatically with the different security devices in order to choose the best solution to be launched to prevent the final malicious objective. Our solution aims at solving, at the same time, the need for active defence, speed, reliability, accuracy and usability of the network.

Download

Efficient decision tree for protocol analysis in intrusion detection

International Journal of Security and Networks, 2010

Pattern matching is a crucial factor for deriving efficient intrusion detection. However Network ... more Pattern matching is a crucial factor for deriving efficient intrusion detection. However Network Intrusion Detection Systems (NIDSs) frequently ignore data semantics of captured packets and have to consider the whole payloads leading to false positives if attacks signatures are found in incorrect positions. Therefore NIDSs have to investigate in packets contents in order to determine how application layer protocols are used. We propose a combination of pattern matching and protocol analysis to better detect intrusions. While the first detection method relies on a multi-pattern matching algorithm, the second one benefits from a decision tree to select in each analysis step, the efficient test.

Download

Fast Multipattern Matching for Intrusion Detection

Misuse intrusion detection (IDS) detects signatures of attack scenarios. Hackers try to avoid det... more Misuse intrusion detection (IDS) detects signatures of attack scenarios. Hackers try to avoid detection by permuting actions, and inserting, hiding or overlapping packets. Stateful detection becomes thus essential to suitably supervise network traffic. We propose in this paper a new approach for analysing the network traffic. The inspection, while being stateful, processes each packet as soon as it is received. We have used this strategy with appropriate multi-search methods and adequate datastructures for signatures.

Internet of Things Middleware: Evaluating the Costs of Service-Based Solutions Under Different Application Scenarios

International journal on engineering applications, Jul 31, 2022

Filtrage Efficace Pour la Détection d'Intrusions

Les systèmes de détection d'intrusions (IDS) sont indispensables pour compléter la protection des... more Les systèmes de détection d'intrusions (IDS) sont indispensables pour compléter la protection des pares-feux. Cependant, ils ont des difficultésà traiter le haut débit età mener parallèlement une analyse précise sur le contenu des paquets. Nous proposons dans cette article une nouvelle approche pour analyser le trafic réseau. Nous nous appuyons sur une organisation intelligente des règles de détection et sur des algorithmes de recherche simultanée de signatures. Cette méthodologie aété implantée dans le système de détection d'intrusions "Snort".

Download

High Performance Intrusion Detection using Traffic Classification

The crucial problem of ever increasing high traffic encountered by an IDS can be tackled by class... more The crucial problem of ever increasing high traffic encountered by an IDS can be tackled by classifying the network traffic and distributing the analysis among several IDSes ensuring faster detection. Besides, each IDS equipped with only the required functionalities can provide sharper analysis of the traffic. We propose in this paper a new classification algorithm that constructs a Direct Acyclic Graph (DAG) to split the traffic using security policies and IDS characteristics. The method divides different classfication rule features into several bytes and sorts them by considering explicit values before masked one thereby reducing overlaps between rules ensuring smaller DAG and easier way to classify packets during runtime.

Detection of Covert Channels Over ICMP Protocol

With the growing complexity of networks and communications protocols that become increasingly eno... more With the growing complexity of networks and communications protocols that become increasingly enormous and extensive, we are confronted with the problem of covert channel that affects the confidentiality and integrity of data sent in the network. Covert channels also known as hidden channels can elude basic security systems such as Intrusion Detection Systems (IDS) and firewalls. We propose in this work a method to monitor and detect the presence of hidden channels that are based on an essential monitoring protocol "Internet Control Message Protocol" (ICMP). We undergo the network traffic with a set of verifications ranging from simple fields verification to more complex pattern matching operations. To validate our idea, we have installed Ptunnel, a tool that allows to tunnel TCP connections to a remote host using ICMP echo request and reply packets. Our experimental results show the possibility to discover such malicious traffic with high performance.

Download

Qualitative and Quantitative Risk Analysis and Safety Assessment of Unmanned Aerial Vehicles Missions over the Internet

arXiv (Cornell University), Apr 20, 2019

In the last few years, Unmanned Aerial Vehicles (UAVs) are making a revolution as an emerging tec... more In the last few years, Unmanned Aerial Vehicles (UAVs) are making a revolution as an emerging technology with many different applications in the military, civilian, and commercial fields. The advent of autonomous drones has initiated serious challenges, including how to maintain their safe operation during their missions. The safe operation of UAVs remains an open and sensitive issue, since any unexpected behavior of the drone or any hazard would lead to potential risks that might be very severe. The motivation behind this work is to propose a methodology for the safety assurance of drones over the Internet (Internet of drones (IoD)). Two approaches will be used in performing the safety analysis: (1) a qualitative safety analysis approach, and (2) a quantitative safety analysis approach. The first approach uses the international safety standards, namely ISO 12100 and ISO 13849 to assess the safety of drone's missions by focusing on qualitative assessment techniques. The methodology starts from hazard identification, risk assessment, risk mitigation, and finally draws the safety recommendations associated with a drone delivery use case. The second approach presents a method for the quantitative safety assessment using Bayesian Networks (BN) for probabilistic modeling. BN utilizes the information provided by the first approach to model the safety risks related to UAVs' flights. An illustrative UAV crash scenario is presented as a case study, followed by a scenario analysis, to demonstrate the applicability of the proposed approach. These two analyses, qualitative and quantitative, enable all involved stakeholders to detect, explore and address the risks of UAV flights, which will help the industry to better manage the safety concerns of UAVs.

Download

A SPIT detection algorithm based on user's call behavior

ABSTRACT

Detection of firewall configuration errors with updatable tree

International Journal of Information Security, May 19, 2015

The fundamental goals of security policy are to allow uninterrupted access to the network resourc... more The fundamental goals of security policy are to allow uninterrupted access to the network resources for authenticated users and to deny access to unauthenticated users. For this purpose, firewalls are frequently deployed in every size network. However, bad configurations may cause serious security breaches and network vulnerabilities. In particular, conflicted filtering rules lead to block legitimate traffic and to accept unwanted packets. This fact troubles administrators who have to insert and delete filtering rules in a huge configuration file. We propose in this paper a quick method for managing a firewall configuration file. We represent the set of filtering rules by a firewall anomaly tree (FAT). Then, an administrator can update the FAT by inserting and deleting some filtering rules. The FAT modification automatically reveals emerged anomalies and helps the administrator to find the adequate position for a new added filtering rule. All the algorithms presented in the paper have been implemented and computer experiments show the usefulness of updating the FAT datastructure in order to quickly detect anomalies when dealing with a huge firewall configuration file.

Download

IoT botnet detection using deep learning

2023 International Wireless Communications and Mobile Computing (IWCMC)

Privacy‐preserving hands‐free voice authentication leveraging edge technology

SECURITY AND PRIVACY

Smartphone-Key: Hands-Free Two-Factor Authentication for Voice-Controlled Devices Using Wi-Fi Location

IEEE Transactions on Network and Service Management

IoT Routing Attacks Detection Using Machine Learning Algorithms

Wireless Personal Communications

The Passport: A Single-Node Authentication System for Heterogeneous Voice-Controlled IoT Networks

Privacy‐preserving hands‐free voice authentication leveraging edge technology

Security and privacy, Dec 16, 2022

Security Implications of Network Address Translation on Intrusion Detection and Prevention Systems

Trusted intrusion detection architecture for high-speed networks based on traffic classification, load balancing and high availability mechanism

Security and Communication Networks, Mar 24, 2011

Risk Management for Spam over IP Telephony using Combined Countermeasures

Risk management for spam over IP telephony using optimal countermeasure

Ensuring security in depth based on heterogeneous network security technologies

International Journal of Information Security, Mar 24, 2009

Download

Efficient decision tree for protocol analysis in intrusion detection

International Journal of Security and Networks, 2010

Download

Fast Multipattern Matching for Intrusion Detection

Internet of Things Middleware: Evaluating the Costs of Service-Based Solutions Under Different Application Scenarios

International journal on engineering applications, Jul 31, 2022

Filtrage Efficace Pour la Détection d'Intrusions

Download

High Performance Intrusion Detection using Traffic Classification

Detection of Covert Channels Over ICMP Protocol

Download

Qualitative and Quantitative Risk Analysis and Safety Assessment of Unmanned Aerial Vehicles Missions over the Internet

arXiv (Cornell University), Apr 20, 2019

Download

A SPIT detection algorithm based on user's call behavior

ABSTRACT

Detection of firewall configuration errors with updatable tree

International Journal of Information Security, May 19, 2015

Download

IoT botnet detection using deep learning

2023 International Wireless Communications and Mobile Computing (IWCMC)

Privacy‐preserving hands‐free voice authentication leveraging edge technology

SECURITY AND PRIVACY

Smartphone-Key: Hands-Free Two-Factor Authentication for Voice-Controlled Devices Using Wi-Fi Location

IEEE Transactions on Network and Service Management

IoT Routing Attacks Detection Using Machine Learning Algorithms

Wireless Personal Communications

Tarek Abbes

Related Authors

Uploads

Papers by Tarek Abbes

Log In