Skip to main content

Ebrima Ceesay

Johns Hopkins University Applied Physics Lab, Computer Science, Adjunct

Followers

16

Following

1

Public Views

Ebrima K Ceesay

Dipta Fitriatinnisa

Christopher Belford

Chinese Academy of Agricultural Sciences

Gümüşhane University

JDE (Journal of Developing Economies)

Universitas Airlangga

Douglason Omotor

InterestsView All (7)

Uploads

Papers by Ebrima Ceesay

Effect of Income Inequality on Economic Growth in Selected West Africa Countries: An Empirical Analysis

The paper empirically investigates the effect of income inequality on economic growth in the sele... more The paper empirically investigates the effect of income inequality on economic growth in the selected Western African countries for the period of 1969-2016 by using panel data analysis. The results of panel data method indicates that poverty has positive and statistically significant effect; openness has a negative, and also significant effect on economic growth. On the other hand, inequality and human capita have negative effect on economic growth and slightly statistically significant. The results of this study show that the policy makers should focus on reinvestment in human capital, poverty reduction, land reforms, and infrastructure development as the dynamics of economic growth for these countries.

Using Type Qualifiers to Analyze Untrusted Integers and Detecting Security Flaws in C Programs

Abstract. Incomplete or improper input validation is one of the major sources of security bugs in... more Abstract. Incomplete or improper input validation is one of the major sources of security bugs in programs. While traditional approaches often focus on detecting string related buffer overflow vulnerabilities, we present an approach to automatically detect potential integer misuse, such as integer overflows in C programs. Our tool is based on CQual, a static analysis tool using type theory. Our techniques have been implemented and tested on several widely used open source applications. Using the tool, we found known and unknown integer related vulnerabilities in these applications. 1

Using Type Qua-ifiers to Ana-yze Untrusted Integers and Detecting Security Flaws in C Programs

Abstract. Incomplete or improper input validation is one of the major sources of security bugs in... more Abstract. Incomplete or improper input validation is one of the major sources of security bugs in programs. While traditional approaches often focus on de- tecting string related buffer overflow vulnerabilities- we present an approach to automatically detect potential integer misuse- such as integer overflows in C pro- grams. Our tool is based on CQual- a static analysis tool using type theory. Our techniques have been implemented and tested on several widely used open source applications. Using the tool- we found known and unknown integer related vul- nerabilities in these applications. 1 Introduction Most known security vulnerabilities are caused by incomplete or improper input vali- dation instead of program logic errors. The ICAT vulnerability statistics [1] show for the past three years that more than 50 % of known vulnerabilities in the CVE database are caused by input validation errors. This percentage is still increasing. Thus- improved means to detect input validation error...

Cyber-Situational Awareness in the Presence of Encryption

2017 IEEE 7th Annual International Conference on CYBER Technology in Automation, Control, and Intelligent Systems (CYBER), 2017

Maintaining cyber-situational awareness is a critical requirement for effective threat intelligen... more Maintaining cyber-situational awareness is a critical requirement for effective threat intelligence. However, the ubiquitous presence of encryption across numerous protocols makes it ever more challenging for organizations to monitor traffic for security purposes. This paper presents the results of analyzing encrypted traffic and its metadata to provide intelligence on the communication channel. In this study, we aim to 1) analyze and decipher the protocols of TLS and IPSec concentrating on how the session key is negotiated, and 2) analyze the ciphertext of symmetric algorithms, looking for patterns or non-randomness, which by specification, should be non-observable. We demonstrate that we are able to probabilistically identify participating parties in communication, identify signature of Suite-B algorithms (AES-GCM-256), recognize cipher text in near real-time, identify encrypted data in open channel, uncover flaws in cipher modes, and identify unknown and proprietary ciphers.

Energy Efficient Cellular Network User Clustering Using Linear Radius Algorithm

2019 53rd Annual Conference on Information Sciences and Systems (CISS), 2019

This paper proposes an adaptive algorithm to maximize energy efficiency in cellular network consi... more This paper proposes an adaptive algorithm to maximize energy efficiency in cellular network considering a dynamic user clustering technique. First, a base station (BS) sleeping algorithm is designed, which minimizes the energy consumption to almost more than half. Then a Linear Radius User Clustering algorithm is modeled. Using feedback channel state information to the base station, the algorithm varies the mobile cell radius adaptively to minimize a total energy consumption of overall cellular network based on the threshold user density. The minimum distance where a Mobile Station can get a signal from the base station without a significant effect on human health can be located. Since the Base Station with modern scanner installed on its transmitter part can scan 390 times per second, the time scale to marginalize users from the coverage under threshold densities is in milliseconds. As a result, there is no significant effect on quality of services when the cell coverage is zoomed ...

Measuring Personal Privacy Breaches Using Third-Party Trackers

2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), 2018

While browsing the web, cookies are stored on user's computers. Some of these cookies are &qu... more While browsing the web, cookies are stored on user's computers. Some of these cookies are "third-party" cookies that can track the user across different websites. In this paper, we summarize what third-party cookies (trackers) are and the different types there are. We use a browser extension to examine what third party trackers are detected on popular websites. From the data collected, we examined the cookies on each website and identified common cookies. Finally, we offered solutions on how to protect browsers from unwanted third-party cookies.

Transfer Learning Model for Disrupting Misinformation During a COVID-19 Pandemic

In 2020, the COVID-19 pandemic changed the world significantly, and it is critical to have reliab... more In 2020, the COVID-19 pandemic changed the world significantly, and it is critical to have reliable online information about this virus. However, disinformation can have a negative effect on public opinion and can put the lives of millions in danger by ignoring the crucial precautions. People worldwide post their ideas about the coronavirus every second and create a rich source of information. In this work, we introduce an advanced natural language processing model to classify public opinion about the virus, which can help health organizations to take immediate actions to stop the spread of the virus by removing misinformation from online platforms. We introduce a new model with high classification accuracy to extract deep contextual information from online coronavirus comments based on main COVID-19 topics and use a robust model for sentiment classification based on more than twenty different datasets to detect the tweet's text, which contains misinformation. The new model can ...

Statistical and Transfer Learning Model to Analyze Endurance Performance with Aging

The decline of human physical ability with aging is an important factor to consider as to athleti... more The decline of human physical ability with aging is an important factor to consider as to athletic performance evaluation. Physiological factors or real-world performance data have been used to build mathematical models. Marathon is a sports event attracting more and more participants. However, due to the limitation of field size, the race organizers usually must qualify each athlete for certain events based on age and gender. We use statistical and machine learning models for analyzing the Boston Marathon results to delineate the decrease in elder athletes' endurance performance. We also apply the transfer learning model on the mobile activity tracking social media platform Strava to classify beginners or professional athletes using performance data and applying sentiment classification to athletes' comments. Our results may provide valuable insights for athletes, coaches, and governing bodies for athletics.

Economic Inclusion in the United States: Predictive Analysis of COVID-19 pandemic on County Rates of Unbanked Households

COVID-19 pandemic has a significant effect on the unemployment rate in the United States. However... more COVID-19 pandemic has a significant effect on the unemployment rate in the United States. However, the economic effect in different states is not the same for each household. In this work, Our goal is to capture and outline the relationships between pandemic incidence, economic inclusion, unemployment, and bank branch closures in order to understand the emerging relationship between the coronavirus pandemic, rates of economic inclusion, and economic well-being of localities. Furthermore, we machine learning algorithms to evaluate the predictive power of coronavirus incidence and fatality rates, county-level unemployment, and bank branch closure rates on rates of economic inclusion. Also, a natural language processing approach is used to analyze the unemployment COVID-19 textual data. We use BERT as a powerful transformer for sentiment classification on COVID-19 unemployment data.

Energy Efficient Smart Antenna Beamforming Algorithms for Next-Generation Networks

2021 IEEE 11th Annual Computing and Communication Workshop and Conference (CCWC)

Smart antenna consist of multiple antenna elements at the transmitting and/or receiving side of t... more Smart antenna consist of multiple antenna elements at the transmitting and/or receiving side of the communication link, whose signals are processed adaptively in order to exploit the spatial dimension of the wireless channel. Depending on the signal process at the transmitter, receiver, or both ends of the communication link, the smart antenna technique can increase the capacity of the wireless network by improving link quality using impairments mitigation mechanisms. This work investigates different smart antenna beamforming algorithms considering energy efficiency using adaptive antenna techniques with a uniform linear array geometry. The schemes used for investigation are half power beam width, side lobe level, array spacing and variable node distance (range). The results demonstrate that Constant module (CMA) algorithm makes antenna arrays more energy efficient while it has high mean square error. On the other hand, Recursive Least Square (RLS) is recommended for next-generation wireless networks because it provides significant energy efficiency while keeping mean square error minimum than the rest of the algorithms.

Decoding Linguistic Ambiguity in Times of Emergency based on Twitter Disaster Datasets

2021 IEEE 11th Annual Computing and Communication Workshop and Conference (CCWC)

As of November 2020, the massively popular social media site Twitter boasts 1.3 billion accounts,... more As of November 2020, the massively popular social media site Twitter boasts 1.3 billion accounts, 330 million monthly users, and 500 million tweets per day. The sheer volume of data shared on this platform has legitimized Twitter as a real-time information sharing monolith. Millions of people can share information via Twitter making it's power in this space undeniable. In this project, we'd like to use that power for good. Twitter's real-time information sharing prowess has become the platform of interest when attempting to learn information on events in progress. This paper identifies Tweets related to disasters, accidents, or emergencies and determines such statements' sincerity. We introduce a new model that can detect real emergency tweets with a high classification accuracy by using a transfer learning model BERT for emotion classification and behavior modeling approach to detect tweets in Twitter disaster datasets. In doing so, we hope to provide a great service in identifying relevant, real-time information to first responders.

Improving End-to-End Verifiable Voting Systems with Blockchain Technologies

2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData)

End-to-end verifiable (E2E) voting systems attempt to establish elections where each voter receiv... more End-to-end verifiable (E2E) voting systems attempt to establish elections where each voter receives direct assurance that their vote was cast correctly, and anyone may determine that each ballot was correctly included in the overall tally of the vote. One such E2E implementation, Helios, achieves this “open audit” functionality by making public the auditing algorithm and each encrypted vote, along with their encryption proofs, on a public bulletin board. Unfortunately, hosting the bulletin board on a centralized server puts this functionality at risk of denial of service or data tampering, each of which could degrade the public's trust of the election results. To mitigate these risks, this paper demonstrates the replacement of the bulletin board concept with decentralized storage and a blockchain. In doing so, the election audit data benefit from a system where such data becomes immutable, and where the data is replicated and publicly accessible. This architecture allows the encrypted votes, their proofs, and the election audit algorithm to be hosted independent of the election services, eliminating the risk of tampering or denial of service while still maintaining voter verifiability.

Human-centered strategies for cyber-physical systems security

ICST Transactions on Security and Safety, May 15, 2018

Human error contributes to information system losses. Exposure to significant risk will continue ... more Human error contributes to information system losses. Exposure to significant risk will continue and is not effectively addressed with conventional training. Broader strategy that addresses the social system is recommended. Such strategies have been successfully developed in industrial settings to deal with workplace hazards that are functionally similar to cyber loss. Four of these strategies are reviewed and found to be relevant to the needs of the IT-enabled organization in mitigating cyber security risks. These strategies are not consistent with each other or uniformly applicable, however, and would need to be adapted to contemporary knowledge work settings and used cautiously. Long-term institutionalization and development of organizational practices pose further challenges. While a holistic, sociotechnical systems (STS) approach to cyber security requires significant effort, IT-enabled organizations, as industrial organizations before them, will realize the effort is justified.

Mitigating phishing attacks: A detection, response and evaluation framework

Phishing, the mass distribution of spoofed email messages with return addresses, links, and brand... more Phishing, the mass distribution of spoofed email messages with return addresses, links, and branding that appear to come from banks, insurance agencies, retailers, or credit card companies, has emerged as the latest threat for the theft of personal information over the Internet. It has the potential of inflicting serious financial losses to individuals who fall victim to phishing attacks. Beyond the direct costs of individual phishing attacks, this Internet-based fraud is eroding customer confidence in the online operations of institutions targeted by such attacks. This impediment to customer utilization of online resources undermines the ability of companies and organizations to roll out Web-based applications for customers and to utilize the highly efficient communications methods that email and the Web represent. This trend is also not limited to the direct targets of phishing. As this problem goes unsolved, all organizations utilizing on-line e-commerce tools are affected by the rising distrust of Internet-based communications and transactions. The thesis solves this problem through the use of machine learning techniques, models and algorithms. In particular, we detect phishing emails before they ever get to the mailboxes of unsuspecting users. The thesis makes the following contributions to solve the phishing problem: characterizing and formalizing phishing from spamming, providing the first publicly available and massive data set on phishing for future research on phishing, using machine learning approaches that identify authorship, embedding domain knowledge that asks and answers questions (who sends the emails, where do the links in the email direct readers to? and what do the email messages contain?), extracting significant features required to build efficient and reliable phishing filter that is computationally efficient and performs well.

Energy Efficiency Analysis of RLS-MUSIC based Smart Antenna System for 5G Network

2021 55th Annual Conference on Information Sciences and Systems (CISS), 2021

This paper proposes a novel energy efficient beamforming and DOA estimation scheme called RLS-MUS... more This paper proposes a novel energy efficient beamforming and DOA estimation scheme called RLS-MUSIC algorithm. First, we study different adaptive beamforming algorithms and receive signal Degree-of-Arrival (DOA) estimation techniques for wireless communication network application in reference to their effect on energy efficiency. Taking linear array smart antenna elements geometry, which is mostly used antenna array geometry, Recursive Least Square (RLS) adaptive beam-forming algorithm and Multiple Signal Classification (MUSIC) DOA estimation technique are identified as the reference input methods to model the new energy efficient scheme. Using an energy model, which is as a function of beam-width, signal transmission strength (range), and signal-to-noise-interference ratio (SNIR), we evaluate the total amount of energy spent during beam-formation. Finally, the energy gain due to RLS-MUSIC scheme is compared with that of RLS alone. The results show that the RLS-MUSIC scheme based ac...

IntScope: Automatically Detecting Integer Overflow Vulnerability in X86 Binary Using Symbolic Execution

The number of identified integer overflow vulnerabilities has been increasing rapidly in recent y... more The number of identified integer overflow vulnerabilities has been increasing rapidly in recent years. In this paper, we present a system, IntScope, which can automatically detect integer overflow vulnerabilities in x86 binaries before an attacker does, with the goal of finally eliminating the vulnerabilities. IntScope first translates the disassembled code into our own intermediate representation (IR), and then performs a path sensitive data flow analysis on the IR by leveraging symbolic execution and taint analysis to identify the vulnerable point of integer overflow. Compared with other approaches, IntScope does not run the binary directly, and is scalable to large software as it can just symbolically execute the interesting program paths. Experimental results show IntScope is quite encouraging: it has detected more than 20 zero-day integer overflows (e.g., CVE-2008-4201, FrSIRT/ADV-2008-2919 in widely-used software such as QEMU, Xen and Xine.

Using Type Qualifiers to Analyze Untrusted Integers and Detecting Security Flaws in C Programs

Incomplete or improper input validation is one of the major sources of security bugs in programs.... more Incomplete or improper input validation is one of the major sources of security bugs in programs. While traditional approaches often focus on detecting string related buffer overflow vulnerabilities, we present an approach to automatically detect potential integer misuse, such as integer overflows in C programs. Our tool is based on CQual, a static analysis tool using type theory. Our techniques have been implemented and tested on several widely used open source applications. Using the tool, we found known and unknown integer related vulnerabilities in these applications.

A Taxonomy for Comparing Attack-Graph Approaches

Automated attack-graph tools show how individual vulnerabilities in a system can be composed to c... more Automated attack-graph tools show how individual vulnerabilities in a system can be composed to create meta-vulnerabilities or how individual sensor alerts can be joined to describe a multi-stage scenario attacks. In recent years many organizations have developed attack-graph type systems, but because these organizations often do not clearly define their terms, consistently use terms such as "attack-graph", explain their assumptions, or identify their limitations, comparing the various efforts is difficult at best. This paper describes our efforts to establish a taxonomic foundation for comparing and contrasting attack-graph approaches, and we use the taxonomy to compare several important efforts in the field.

An authentication model for delegation, attribution and least privilege

ABSTRACT The need to share information while maintaining privacy and security is a growing proble... more ABSTRACT The need to share information while maintaining privacy and security is a growing problem in health, finance, defense, and other distributed environments. Mitigating threats in a distributed computing environment is a difficult task and requires constant vigilance and defense-in-depth. Most systems lack a secure model that guarantees an end-to-end security. In this paper, we devise a model that mitigates a number of threats to the distributed computing pervasive in corporate and institutional information technology enterprises. This authentication process is part of a larger information assurance systemic approach that requires that all active entities (users, machines and services) are named, and credentialed. Authentication is bilateral using PKI credentialing, and authorization is based upon Security Assertion Markup Language (SAML) attribution statements. Communication across domains is handled as a federation activity using WS-* protocols. We present the architectural model, elements of which are currently being demonstrated and tested in a functional prototype in a boundary protected area processing center. The architecture is also applicable to a private cloud.

Effect of Income Inequality on Economic Growth in Selected West Africa Countries: An Empirical Analysis

The paper empirically investigates the effect of income inequality on economic growth in the sele... more The paper empirically investigates the effect of income inequality on economic growth in the selected Western African countries for the period of 1969-2016 by using panel data analysis. The results of panel data method indicates that poverty has positive and statistically significant effect; openness has a negative, and also significant effect on economic growth. On the other hand, inequality and human capita have negative effect on economic growth and slightly statistically significant. The results of this study show that the policy makers should focus on reinvestment in human capital, poverty reduction, land reforms, and infrastructure development as the dynamics of economic growth for these countries.

Using Type Qualifiers to Analyze Untrusted Integers and Detecting Security Flaws in C Programs

Abstract. Incomplete or improper input validation is one of the major sources of security bugs in... more Abstract. Incomplete or improper input validation is one of the major sources of security bugs in programs. While traditional approaches often focus on detecting string related buffer overflow vulnerabilities, we present an approach to automatically detect potential integer misuse, such as integer overflows in C programs. Our tool is based on CQual, a static analysis tool using type theory. Our techniques have been implemented and tested on several widely used open source applications. Using the tool, we found known and unknown integer related vulnerabilities in these applications. 1

Using Type Qua-ifiers to Ana-yze Untrusted Integers and Detecting Security Flaws in C Programs

Abstract. Incomplete or improper input validation is one of the major sources of security bugs in... more Abstract. Incomplete or improper input validation is one of the major sources of security bugs in programs. While traditional approaches often focus on de- tecting string related buffer overflow vulnerabilities- we present an approach to automatically detect potential integer misuse- such as integer overflows in C pro- grams. Our tool is based on CQual- a static analysis tool using type theory. Our techniques have been implemented and tested on several widely used open source applications. Using the tool- we found known and unknown integer related vul- nerabilities in these applications. 1 Introduction Most known security vulnerabilities are caused by incomplete or improper input vali- dation instead of program logic errors. The ICAT vulnerability statistics [1] show for the past three years that more than 50 % of known vulnerabilities in the CVE database are caused by input validation errors. This percentage is still increasing. Thus- improved means to detect input validation error...

Cyber-Situational Awareness in the Presence of Encryption

2017 IEEE 7th Annual International Conference on CYBER Technology in Automation, Control, and Intelligent Systems (CYBER), 2017

Maintaining cyber-situational awareness is a critical requirement for effective threat intelligen... more Maintaining cyber-situational awareness is a critical requirement for effective threat intelligence. However, the ubiquitous presence of encryption across numerous protocols makes it ever more challenging for organizations to monitor traffic for security purposes. This paper presents the results of analyzing encrypted traffic and its metadata to provide intelligence on the communication channel. In this study, we aim to 1) analyze and decipher the protocols of TLS and IPSec concentrating on how the session key is negotiated, and 2) analyze the ciphertext of symmetric algorithms, looking for patterns or non-randomness, which by specification, should be non-observable. We demonstrate that we are able to probabilistically identify participating parties in communication, identify signature of Suite-B algorithms (AES-GCM-256), recognize cipher text in near real-time, identify encrypted data in open channel, uncover flaws in cipher modes, and identify unknown and proprietary ciphers.

Energy Efficient Cellular Network User Clustering Using Linear Radius Algorithm

2019 53rd Annual Conference on Information Sciences and Systems (CISS), 2019

This paper proposes an adaptive algorithm to maximize energy efficiency in cellular network consi... more This paper proposes an adaptive algorithm to maximize energy efficiency in cellular network considering a dynamic user clustering technique. First, a base station (BS) sleeping algorithm is designed, which minimizes the energy consumption to almost more than half. Then a Linear Radius User Clustering algorithm is modeled. Using feedback channel state information to the base station, the algorithm varies the mobile cell radius adaptively to minimize a total energy consumption of overall cellular network based on the threshold user density. The minimum distance where a Mobile Station can get a signal from the base station without a significant effect on human health can be located. Since the Base Station with modern scanner installed on its transmitter part can scan 390 times per second, the time scale to marginalize users from the coverage under threshold densities is in milliseconds. As a result, there is no significant effect on quality of services when the cell coverage is zoomed ...

Measuring Personal Privacy Breaches Using Third-Party Trackers

2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), 2018

While browsing the web, cookies are stored on user's computers. Some of these cookies are &qu... more While browsing the web, cookies are stored on user's computers. Some of these cookies are "third-party" cookies that can track the user across different websites. In this paper, we summarize what third-party cookies (trackers) are and the different types there are. We use a browser extension to examine what third party trackers are detected on popular websites. From the data collected, we examined the cookies on each website and identified common cookies. Finally, we offered solutions on how to protect browsers from unwanted third-party cookies.

Transfer Learning Model for Disrupting Misinformation During a COVID-19 Pandemic

In 2020, the COVID-19 pandemic changed the world significantly, and it is critical to have reliab... more In 2020, the COVID-19 pandemic changed the world significantly, and it is critical to have reliable online information about this virus. However, disinformation can have a negative effect on public opinion and can put the lives of millions in danger by ignoring the crucial precautions. People worldwide post their ideas about the coronavirus every second and create a rich source of information. In this work, we introduce an advanced natural language processing model to classify public opinion about the virus, which can help health organizations to take immediate actions to stop the spread of the virus by removing misinformation from online platforms. We introduce a new model with high classification accuracy to extract deep contextual information from online coronavirus comments based on main COVID-19 topics and use a robust model for sentiment classification based on more than twenty different datasets to detect the tweet's text, which contains misinformation. The new model can ...

Statistical and Transfer Learning Model to Analyze Endurance Performance with Aging

The decline of human physical ability with aging is an important factor to consider as to athleti... more The decline of human physical ability with aging is an important factor to consider as to athletic performance evaluation. Physiological factors or real-world performance data have been used to build mathematical models. Marathon is a sports event attracting more and more participants. However, due to the limitation of field size, the race organizers usually must qualify each athlete for certain events based on age and gender. We use statistical and machine learning models for analyzing the Boston Marathon results to delineate the decrease in elder athletes' endurance performance. We also apply the transfer learning model on the mobile activity tracking social media platform Strava to classify beginners or professional athletes using performance data and applying sentiment classification to athletes' comments. Our results may provide valuable insights for athletes, coaches, and governing bodies for athletics.

Economic Inclusion in the United States: Predictive Analysis of COVID-19 pandemic on County Rates of Unbanked Households

COVID-19 pandemic has a significant effect on the unemployment rate in the United States. However... more COVID-19 pandemic has a significant effect on the unemployment rate in the United States. However, the economic effect in different states is not the same for each household. In this work, Our goal is to capture and outline the relationships between pandemic incidence, economic inclusion, unemployment, and bank branch closures in order to understand the emerging relationship between the coronavirus pandemic, rates of economic inclusion, and economic well-being of localities. Furthermore, we machine learning algorithms to evaluate the predictive power of coronavirus incidence and fatality rates, county-level unemployment, and bank branch closure rates on rates of economic inclusion. Also, a natural language processing approach is used to analyze the unemployment COVID-19 textual data. We use BERT as a powerful transformer for sentiment classification on COVID-19 unemployment data.

Energy Efficient Smart Antenna Beamforming Algorithms for Next-Generation Networks

2021 IEEE 11th Annual Computing and Communication Workshop and Conference (CCWC)

Smart antenna consist of multiple antenna elements at the transmitting and/or receiving side of t... more Smart antenna consist of multiple antenna elements at the transmitting and/or receiving side of the communication link, whose signals are processed adaptively in order to exploit the spatial dimension of the wireless channel. Depending on the signal process at the transmitter, receiver, or both ends of the communication link, the smart antenna technique can increase the capacity of the wireless network by improving link quality using impairments mitigation mechanisms. This work investigates different smart antenna beamforming algorithms considering energy efficiency using adaptive antenna techniques with a uniform linear array geometry. The schemes used for investigation are half power beam width, side lobe level, array spacing and variable node distance (range). The results demonstrate that Constant module (CMA) algorithm makes antenna arrays more energy efficient while it has high mean square error. On the other hand, Recursive Least Square (RLS) is recommended for next-generation wireless networks because it provides significant energy efficiency while keeping mean square error minimum than the rest of the algorithms.

Decoding Linguistic Ambiguity in Times of Emergency based on Twitter Disaster Datasets

2021 IEEE 11th Annual Computing and Communication Workshop and Conference (CCWC)

As of November 2020, the massively popular social media site Twitter boasts 1.3 billion accounts,... more As of November 2020, the massively popular social media site Twitter boasts 1.3 billion accounts, 330 million monthly users, and 500 million tweets per day. The sheer volume of data shared on this platform has legitimized Twitter as a real-time information sharing monolith. Millions of people can share information via Twitter making it's power in this space undeniable. In this project, we'd like to use that power for good. Twitter's real-time information sharing prowess has become the platform of interest when attempting to learn information on events in progress. This paper identifies Tweets related to disasters, accidents, or emergencies and determines such statements' sincerity. We introduce a new model that can detect real emergency tweets with a high classification accuracy by using a transfer learning model BERT for emotion classification and behavior modeling approach to detect tweets in Twitter disaster datasets. In doing so, we hope to provide a great service in identifying relevant, real-time information to first responders.

Improving End-to-End Verifiable Voting Systems with Blockchain Technologies

2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData)

End-to-end verifiable (E2E) voting systems attempt to establish elections where each voter receiv... more End-to-end verifiable (E2E) voting systems attempt to establish elections where each voter receives direct assurance that their vote was cast correctly, and anyone may determine that each ballot was correctly included in the overall tally of the vote. One such E2E implementation, Helios, achieves this “open audit” functionality by making public the auditing algorithm and each encrypted vote, along with their encryption proofs, on a public bulletin board. Unfortunately, hosting the bulletin board on a centralized server puts this functionality at risk of denial of service or data tampering, each of which could degrade the public's trust of the election results. To mitigate these risks, this paper demonstrates the replacement of the bulletin board concept with decentralized storage and a blockchain. In doing so, the election audit data benefit from a system where such data becomes immutable, and where the data is replicated and publicly accessible. This architecture allows the encrypted votes, their proofs, and the election audit algorithm to be hosted independent of the election services, eliminating the risk of tampering or denial of service while still maintaining voter verifiability.

Human-centered strategies for cyber-physical systems security

ICST Transactions on Security and Safety, May 15, 2018

Human error contributes to information system losses. Exposure to significant risk will continue ... more Human error contributes to information system losses. Exposure to significant risk will continue and is not effectively addressed with conventional training. Broader strategy that addresses the social system is recommended. Such strategies have been successfully developed in industrial settings to deal with workplace hazards that are functionally similar to cyber loss. Four of these strategies are reviewed and found to be relevant to the needs of the IT-enabled organization in mitigating cyber security risks. These strategies are not consistent with each other or uniformly applicable, however, and would need to be adapted to contemporary knowledge work settings and used cautiously. Long-term institutionalization and development of organizational practices pose further challenges. While a holistic, sociotechnical systems (STS) approach to cyber security requires significant effort, IT-enabled organizations, as industrial organizations before them, will realize the effort is justified.

Mitigating phishing attacks: A detection, response and evaluation framework

Phishing, the mass distribution of spoofed email messages with return addresses, links, and brand... more Phishing, the mass distribution of spoofed email messages with return addresses, links, and branding that appear to come from banks, insurance agencies, retailers, or credit card companies, has emerged as the latest threat for the theft of personal information over the Internet. It has the potential of inflicting serious financial losses to individuals who fall victim to phishing attacks. Beyond the direct costs of individual phishing attacks, this Internet-based fraud is eroding customer confidence in the online operations of institutions targeted by such attacks. This impediment to customer utilization of online resources undermines the ability of companies and organizations to roll out Web-based applications for customers and to utilize the highly efficient communications methods that email and the Web represent. This trend is also not limited to the direct targets of phishing. As this problem goes unsolved, all organizations utilizing on-line e-commerce tools are affected by the rising distrust of Internet-based communications and transactions. The thesis solves this problem through the use of machine learning techniques, models and algorithms. In particular, we detect phishing emails before they ever get to the mailboxes of unsuspecting users. The thesis makes the following contributions to solve the phishing problem: characterizing and formalizing phishing from spamming, providing the first publicly available and massive data set on phishing for future research on phishing, using machine learning approaches that identify authorship, embedding domain knowledge that asks and answers questions (who sends the emails, where do the links in the email direct readers to? and what do the email messages contain?), extracting significant features required to build efficient and reliable phishing filter that is computationally efficient and performs well.

Energy Efficiency Analysis of RLS-MUSIC based Smart Antenna System for 5G Network

2021 55th Annual Conference on Information Sciences and Systems (CISS), 2021

This paper proposes a novel energy efficient beamforming and DOA estimation scheme called RLS-MUS... more This paper proposes a novel energy efficient beamforming and DOA estimation scheme called RLS-MUSIC algorithm. First, we study different adaptive beamforming algorithms and receive signal Degree-of-Arrival (DOA) estimation techniques for wireless communication network application in reference to their effect on energy efficiency. Taking linear array smart antenna elements geometry, which is mostly used antenna array geometry, Recursive Least Square (RLS) adaptive beam-forming algorithm and Multiple Signal Classification (MUSIC) DOA estimation technique are identified as the reference input methods to model the new energy efficient scheme. Using an energy model, which is as a function of beam-width, signal transmission strength (range), and signal-to-noise-interference ratio (SNIR), we evaluate the total amount of energy spent during beam-formation. Finally, the energy gain due to RLS-MUSIC scheme is compared with that of RLS alone. The results show that the RLS-MUSIC scheme based ac...

IntScope: Automatically Detecting Integer Overflow Vulnerability in X86 Binary Using Symbolic Execution

The number of identified integer overflow vulnerabilities has been increasing rapidly in recent y... more The number of identified integer overflow vulnerabilities has been increasing rapidly in recent years. In this paper, we present a system, IntScope, which can automatically detect integer overflow vulnerabilities in x86 binaries before an attacker does, with the goal of finally eliminating the vulnerabilities. IntScope first translates the disassembled code into our own intermediate representation (IR), and then performs a path sensitive data flow analysis on the IR by leveraging symbolic execution and taint analysis to identify the vulnerable point of integer overflow. Compared with other approaches, IntScope does not run the binary directly, and is scalable to large software as it can just symbolically execute the interesting program paths. Experimental results show IntScope is quite encouraging: it has detected more than 20 zero-day integer overflows (e.g., CVE-2008-4201, FrSIRT/ADV-2008-2919 in widely-used software such as QEMU, Xen and Xine.

Using Type Qualifiers to Analyze Untrusted Integers and Detecting Security Flaws in C Programs

Incomplete or improper input validation is one of the major sources of security bugs in programs.... more Incomplete or improper input validation is one of the major sources of security bugs in programs. While traditional approaches often focus on detecting string related buffer overflow vulnerabilities, we present an approach to automatically detect potential integer misuse, such as integer overflows in C programs. Our tool is based on CQual, a static analysis tool using type theory. Our techniques have been implemented and tested on several widely used open source applications. Using the tool, we found known and unknown integer related vulnerabilities in these applications.

A Taxonomy for Comparing Attack-Graph Approaches

Automated attack-graph tools show how individual vulnerabilities in a system can be composed to c... more Automated attack-graph tools show how individual vulnerabilities in a system can be composed to create meta-vulnerabilities or how individual sensor alerts can be joined to describe a multi-stage scenario attacks. In recent years many organizations have developed attack-graph type systems, but because these organizations often do not clearly define their terms, consistently use terms such as "attack-graph", explain their assumptions, or identify their limitations, comparing the various efforts is difficult at best. This paper describes our efforts to establish a taxonomic foundation for comparing and contrasting attack-graph approaches, and we use the taxonomy to compare several important efforts in the field.

An authentication model for delegation, attribution and least privilege

ABSTRACT The need to share information while maintaining privacy and security is a growing proble... more ABSTRACT The need to share information while maintaining privacy and security is a growing problem in health, finance, defense, and other distributed environments. Mitigating threats in a distributed computing environment is a difficult task and requires constant vigilance and defense-in-depth. Most systems lack a secure model that guarantees an end-to-end security. In this paper, we devise a model that mitigates a number of threats to the distributed computing pervasive in corporate and institutional information technology enterprises. This authentication process is part of a larger information assurance systemic approach that requires that all active entities (users, machines and services) are named, and credentialed. Authentication is bilateral using PKI credentialing, and authorization is based upon Security Assertion Markup Language (SAML) attribution statements. Communication across domains is handled as a federation activity using WS-* protocols. We present the architectural model, elements of which are currently being demonstrated and tested in a functional prototype in a boundary protected area processing center. The architecture is also applicable to a private cloud.