ECE department, Faculty of Engineering
Assist. Prof. Bahaa Al-Musawi
Internet security, routing protocol, anomaly detection, machine learning
Mohammed Falih Hassan, Bahaa Al-Musawi, and Ali Kadhim Al-Janabi Springer Science and Business Media LLC
Aliaa Al-Bakaa and Bahaa Al-Musawi Elsevier BV
Noor Hadi Hammood, Bahaa Al-Musawi, and Ahmed Hazim Alhilali Springer Singapore
Aliaa Al-Bakaa and Bahaa Al-Musawi Springer Singapore
Noor Hadi Hammood and Bahaa Al-Musawi IEEE
Unregular events such as large-scale power outages and routing table leaks (RTL) can negatively affect the global routing stability and interrupt Internet services. The Border Gateway Protocol (BGP) is the de-facto Internet routing protocol responsible for managing connectivity between Autonomous Systems (ASes). Detecting BGP anomalies enables network operators to protect their network and helps to improve Internet reliability. This paper suggests using different feature selection algorithms to find out the most effective BGP features then use these features to identify types of anomalies. Out of 55 extracted BGP features, we find out that 9 BGP features indicate identifying RTL and link failure. BGP features related to volumes such as total number of announcements per prefix, number of IPV4 announcements, and implicit withdrawal represent a key to identify RTL. In contrast, BGP features related to Origin change and AS-PATH, such as announcement to the longer path and Edit distance, represent a key to identify link failure.
Aliaa Al-Bakaa and Bahaa Al-Musawi IEEE
In recent years, we witnessed the ensuing surge in massive numbers and types of attacks. The future years will continue these trends but at a faster pace as a result of increasing the number of devices and the development of IoT devices. Thus, it becomes really important to detect different types of threats and hence secure these resources. To that end, previous works examined different feature selection techniques and machine learning algorithms. However, they are either suffer from a low detection accuracy or are not able to detect various types of attacks particularly the low-frequency attacks like worms. In this paper, we use multiple feature selection algorithms to find the subset of the more relevant features regarding each type of attack. Forward Selection Ranking and Backward Elimination Ranking algorithms are used along with decision tree classifier and random forest classifier. The system is evaluated in terms of accuracy, precision, sensitivity, and F-score and shows very high performance in detecting all types of attacks. It can detect all types of attacks with an accuracy rate of 99.9% and 99.96% for binary classification.
Sabah M. Alturfi, Bahaa Al-Musawi, and Haydar Abdulameer Marhoon AIP Publishing
Cloud computing provides scalable, on-demand, and highly available computing resources via the internet to both the public and private on a pay-per-use basis. It eliminates the requirement of purchasing new hardware and software licenses besides reducing administration efforts. The key issue of cloud computing is the security of its resources and data and need to be protected from different attacks. Different research studies have been proposed various methods for intrusion detection and prevention. Thus, two major threats techniques have been defined and addressed, signature technique and anomaly technique. In this paper, an advanced classification has been identified with describing the advantages and limitations of each method to support the researchers with well-organized roadmap to deal with these attacks.
Sabah M. Alturfi, Haydar Abdulameer Marhoon, and Bahaa Al-Musawi AIP Publishing
With the rapid growth of Internet technologies, Internet of Things (IoT) devices have become widely required. A huge number of smart devices around the world containing sensors and actuators are collecting data and processing it to perform specific actions. As these services deployed via the Internet, it becomes an easy target to the vulnerabilities. The defenses against these threats need to maximize and ensure high security to maintain the confidentiality, availability, and integrity of IoT resources. Different techniques and approaches have been proposed and established to protect smart devices and data from attacks. This survey uses the five layers architecture to explore different types of threats and vulnerabilities at an individual layer of IoT architecture. It also reviews different types of techniques and, approaches and methods to secure IoT architecture.
Mohammed Falih Hassan, Karime Farhood Hussein, and Bahaa Al-Musawi Institute of Advanced Engineering and Science
<p>Due to growth in demand for high-performance applications that require high numerical stability and accuracy, the need for floating-point FPGA has been increased. In this work, an open-source and efficient floating-point unit is implemented on a standard Xilinx Sparton-6 FPGA platform. The proposed design is described in a hierarchal way starting from functional block descriptions toward modules level design. Our implementation used minimal resources available on the targeting FPGA board, tested on Sparton-6 FPGA platform and verified on ModelSim. The open-source framework can be embedded or customized for low-cost FPGA devices that do not offer floating-point units.</p>
Bahaa Al-Musawi, Mohammed Hassan, and Sabah Alturfi Telecommunications Association Inc.
Anomalous events such as link failure, misconfiguration, and Denial of Service attacks can affect the Internet inter-domain routing protocol. This effect can range from small to large-scale impact. While large-scale events can be detected using one or multiple global monitoring points, small-scale events need monitoring at the Autonomous System (AS) level. This paper presents a Real-time Detection Tool for Internet routing protocol Disruptions (RDTD) at AS-level. RDTD is a black-box statistical approach that detects disruptions based on observing changes in the underlying behaviour of a series of inter-domain routing updates rather than information contained in inter-domain routing updates. The RDTD can be connected to a designated AS to detect disruptions at that AS or to one of the collectors at public vantage points to detect the Internet routing disruptions from the public vantage-point’s view. The evaluation of the detection tool has been made through replaying route traffic related to one of the most well-known events within a controlled testbed. Our evaluation shows the ability of the detection tool to detect route leak in near real-time without requiring a long history of data. RDTD can also detect hidden anomalous behaviour in the underlying traffic that may pass without detection.
Mohammed Falih Hassan, Shiva Raj Pokhrel, and Bahaa Al-Musawi IEEE
With the ensuing massive communication demands required for IoT Wireless Sensor Networks (WSNs), conventional routing protocols in wireless networks are not applicable to the massive IoT sensors networking. Consequently, a new type of protocols called energy-aware routing protocols have been proposed. Major design goals of such protocols are to uniformly distribute energy consumption among the IoT nodes and minimize the energy dissipation optimally. In this paper, we develop a novel Energy Balanced Distributed Clustering protocol (EBDC) to minimize the energy consumption among sensor nodes uniformly. Moreover, the proposed EBDC is based on an adaptive clustering and re-clustering process. We evaluate the proposed protocol on different energy-based WSNs protocols. Our evaluation shows EBDC achieves a notable enhancement in terms of balanced energy consumption and extended network lifetime compared to the other existing protocols. Besides, we propose a new metric for the evaluation of protocols.
Bahaa Al-Musawi, Philip Branch, Mohammed Falih Hassan, and Shiva Raj Pokhrel Elsevier BV
Bahaa Al-Musawi, Philip Branch, and Grenville Armitage IEEE
The Border Gateway Protocol (BGP) is an Internet routing protocol responsible for exchanging network reachability information between Autonomous Systems (ASes). Monitoring and mining BGP traffic are important aspects to understand and improve the stability of the Internet. However, identifying the characteristics of BGP traffic is much harder than it seems at a first glance where BGP traffic has been identified as complex, voluminous, and noisy. In this paper, we show that BGP traffic can be understood as an aggregation of oscillations of different frequencies from different ASes. Using linear and nonlinear statistical analysis, we show that BGP traffic shows recurrent behaviour. The source of this behaviour is unsynchronised periodic behaviour from a set of ASes.
Bahaa Al-Musawi, Philip Branch, and Grenville Armitage Institute of Electrical and Electronics Engineers (IEEE)
The border gateway protocol (BGP) is the Internet’s default inter-domain routing protocol that manages connectivity among autonomous systems (ASes). Over the past two decades many anomalies of BGP have been identified that threaten its stability and reliability. This survey discusses and classifies these anomalies and discusses the 20 most significant techniques used to identify them. Our classification is based on the broad category of approach, BGP features used to identify the anomaly, effectiveness in identifying the anomaly and effectiveness in identifying which AS was the location of the event that caused the anomaly. We also discuss a number of key requirements for the next generation of BGP anomaly detection techniques.
Bahaa Al-Musawi, Philip Branch, and Grenville Armitage IEEE
The Border Gateway Protocol (BGP) is the default Internet routing protocol that manages connectivity among Autonomous Systems (ASes). Although BGP disruptions are rare, when they occur the consequences can be very damaging. Consequently there has been considerable effort aimed at understanding what is normal and abnormal BGP traffic and, in so doing, enable potentially disruptive anomalous traffic to be identified quickly. In this paper, we make two contributions. We show that over time BGP messages from BGP speakers have deterministic, recurrence and non-linear properties, then build on this insight to introduce the idea of using Recurrence Quantification Analysis (RQA) to detect BGP instability. RQA can be used to provide rapid identification of traffic anomalies that can lead to BGP instability. Furthermore, RQA is able to detect abnormal behaviours that may pass without observation.