Bahaa

@uokufa.edu.iq

ECE department, Faculty of Engineering
Assist. Prof. Bahaa Al-Musawi



                          

https://researchid.co/bahaamusawi

RESEARCH INTERESTS

Internet security, routing protocol, anomaly detection, machine learning

19

Scopus Publications

401

Scholar Citations

9

Scholar h-index

9

Scholar i10-index

Scopus Publications

  • Enhancing Cloud Network Security with Innovative Time Series Analysis
    Amer Al-Mazrawe and Bahaa Al-Musawi
    Sociedade Brasileira de Computacao - SB
    Cloud computing has revolutionized computing infrastructure abstraction and utilization, distinguished by its cost-effective and high-quality services. However, the challenge of securing cloud networks persists, mainly due to the broad exchange of data and the inherent complexity of these techniques. Anomaly detection emerges as a promising solution to improve cloud network safeness, presenting perception into system behavior and alerting operators for further actions. This paper offers a novel time series analysis method for detecting anomalies in cloud networks. Our technique employs innovative time series analysis techniques based on a matrix profile, and the Kneedle algorithm to identify multi-dimensional anomalous patterns within multiple features extracted from network traffic streams. To evaluate the efficacy of our approach, we implemented timestamp-based and index-based methods to two distinct datasets: the most widely used UNSW-NB15 and the recently introduced CICIoT2023 datasets. The results highlight the efficacy of our proposed method in identifying cloud network anomalies. It achieved an impressive accuracy of 99.6% and an F1-score of 99.8% using the timestamp-based analysis method. For the index-based analysis method, accuracy reached 98%, accompanied by an outstanding F1-score of 99.9%.

  • Novel Data-Driven Geolocation Approach for Detecting Smuggled Internet Traffic
    Bahaa Al-Musawi, Dina Shehada, and Abir Jaafar Hussain
    Institute of Electrical and Electronics Engineers (IEEE)
    Enforcing Internet censorship in decentralised networks, such as those in India, Iraq, and Russia, poses significant challenges due to the intricate nature of their interconnected subnetworks. This paper presents a novel approach that combines Internet routing traffic analysis with IP geolocation data to identify smuggled prefixes and their associated autonomous system numbers, using Iraq as a case study. Our methodology integrates diverse datasets, including integrated autonomous system number data from IPinfo and Cloudflare Radar, Internet routing traffic from the RouteViews project, and patterns observed during periodic Internet shutdowns for national exams. By cross-referencing these data sources, we enhance the detection of smuggled autonomous system numbers and provide insights into the geographical distribution of unauthorised Internet traffic. Furthermore, the study addresses evasion techniques, such as AS-PATH prepending, and proposes collaborative strategies to improve detection accuracy. These contributions provide a scalable and robust framework for strengthening Internet governance and enhancing security in fragmented network infrastructures.

  • Anomaly Detection in Cloud Network: A Review
    Amer Al-Mazrawe and Bahaa Al-Musawi
    EDP Sciences
    Cloud computing stands out as one of the fastest-growing technologies in the 21st century, offering enterprises opportunities to reduce costs, enhance scalability, and increase flexibility through rapid access to a shared pool of elastic computing resources. However, its security remains a significant challenge. As cloud networks grow in complexity and scale, the need for effective anomaly detection becomes crucial. Identifying anomalous behavior within cloud networks poses a challenge due to factors such as the voluminous data exchanged and the dynamic nature of underlying cloud infrastructures. Detecting anomalies helps prevent threats and maintain cloud operations. This literature review examines previous works in anomaly detection in the cloud that employ various strategies for anomaly detection, describes anomaly detection datasets, discusses the challenges of anomaly detection in cloud networks, and presents directions for future studies.

  • A Comparative Study of IDS-Based Deep Learning Models for IoT Network
    Bassam Noori Shaker, Bahaa Qasim Al-Musawi, and Mohammed Falih Hassan
    ACM
    The proliferation of connected devices within Internet of Things (IoT) networks has underscored the critical necessity of developing efficient Intrusion Detection Systems (IDS) that can adeptly identify and counteract threats. Deep learning algorithms are better than classical machine learning at automatically learning patterns and representations from raw data, enabling them to detect complex attacks. This research aims to conduct a comparative study of IDSs implemented through three deep learning models: Convolutional Neural Networks (CNN), Deep Neural Networks (DNN), and Recurrent Neural Networks (RNN). The study employs three datasets (NF-UNSW-NB15, NF-BoT-IoT, and NF-ToN-IoT) to assess model performance in both binary and multiclass classification scenarios. The findings indicate that for binary traffic classification, DNN outperforms the other two models with an accuracy bout (98%) for all datasets. In the context of multiclass traffic classification, the DNN model surpasses the performance of the other model except for NF-ToN-IoT a CNN model score (69.08%).

  • Innovative Fitness Functions for Robust Energy Management in WSNs
    Mohammed Falih Hassan, Bahaa Al-Musawi, and Ali Kadhim Al-Janabi
    Springer Science and Business Media LLC


  • A Survey of BGP Anomaly Detection Using Machine Learning Techniques
    Noor Hadi Hammood, Bahaa Al-Musawi, and Ahmed Hazim Alhilali
    Springer Singapore

  • Flow-Based Intrusion Detection Systems: A Survey
    Aliaa Al-Bakaa and Bahaa Al-Musawi
    Springer Singapore

  • Using BGP Features towards Identifying Type of BGP Anomaly
    Noor Hadi Hammood and Bahaa Al-Musawi
    IEEE
    Unregular events such as large-scale power outages and routing table leaks (RTL) can negatively affect the global routing stability and interrupt Internet services. The Border Gateway Protocol (BGP) is the de-facto Internet routing protocol responsible for managing connectivity between Autonomous Systems (ASes). Detecting BGP anomalies enables network operators to protect their network and helps to improve Internet reliability. This paper suggests using different feature selection algorithms to find out the most effective BGP features then use these features to identify types of anomalies. Out of 55 extracted BGP features, we find out that 9 BGP features indicate identifying RTL and link failure. BGP features related to volumes such as total number of announcements per prefix, number of IPV4 announcements, and implicit withdrawal represent a key to identify RTL. In contrast, BGP features related to Origin change and AS-PATH, such as announcement to the longer path and Edit distance, represent a key to identify link failure.

  • Improving the Performance of Intrusion Detection System through Finding the Most Effective Features
    Aliaa Al-Bakaa and Bahaa Al-Musawi
    IEEE
    In recent years, we witnessed the ensuing surge in massive numbers and types of attacks. The future years will continue these trends but at a faster pace as a result of increasing the number of devices and the development of IoT devices. Thus, it becomes really important to detect different types of threats and hence secure these resources. To that end, previous works examined different feature selection techniques and machine learning algorithms. However, they are either suffer from a low detection accuracy or are not able to detect various types of attacks particularly the low-frequency attacks like worms. In this paper, we use multiple feature selection algorithms to find the subset of the more relevant features regarding each type of attack. Forward Selection Ranking and Backward Elimination Ranking algorithms are used along with decision tree classifier and random forest classifier. The system is evaluated in terms of accuracy, precision, sensitivity, and F-score and shows very high performance in detecting all types of attacks. It can detect all types of attacks with an accuracy rate of 99.9% and 99.96% for binary classification.

  • An advanced classification of cloud computing security techniques: A survey
    Sabah M. Alturfi, Bahaa Al-Musawi, and Haydar Abdulameer Marhoon
    AIP Publishing
    Cloud computing provides scalable, on-demand, and highly available computing resources via the internet to both the public and private on a pay-per-use basis. It eliminates the requirement of purchasing new hardware and software licenses besides reducing administration efforts. The key issue of cloud computing is the security of its resources and data and need to be protected from different attacks. Different research studies have been proposed various methods for intrusion detection and prevention. Thus, two major threats techniques have been defined and addressed, signature technique and anomaly technique. In this paper, an advanced classification has been identified with describing the advantages and limitations of each method to support the researchers with well-organized roadmap to deal with these attacks.

  • Internet of Things security techniques: A survey
    Sabah M. Alturfi, Haydar Abdulameer Marhoon, and Bahaa Al-Musawi
    AIP Publishing
    With the rapid growth of Internet technologies, Internet of Things (IoT) devices have become widely required. A huge number of smart devices around the world containing sensors and actuators are collecting data and processing it to perform specific actions. As these services deployed via the Internet, it becomes an easy target to the vulnerabilities. The defenses against these threats need to maximize and ensure high security to maintain the confidentiality, availability, and integrity of IoT resources. Different techniques and approaches have been proposed and established to protect smart devices and data from attacks. This survey uses the five layers architecture to explore different types of threats and vulnerabilities at an individual layer of IoT architecture. It also reviews different types of techniques and, approaches and methods to secure IoT architecture.

  • Design and implementation of fast floating point units for FPGAs
    Mohammed Falih Hassan, Karime Farhood Hussein, and Bahaa Al-Musawi
    Institute of Advanced Engineering and Science
    <p>Due to growth in demand for high-performance applications that require high numerical stability and accuracy, the need for floating-point FPGA has been increased. In this work, an open-source and efficient floating-point unit is implemented on a standard Xilinx Sparton-6 FPGA platform. The proposed design is described in a hierarchal way starting from functional block descriptions toward modules level design. Our implementation used minimal resources available on the targeting FPGA board, tested on Sparton-6 FPGA platform and verified on ModelSim. The open-source framework can be embedded or customized for low-cost FPGA devices that do not offer floating-point units.</p>

  • RDTD: A tool for detecting internet routing disruptions at AS-level
    Bahaa Al-Musawi, Mohammed Hassan, and Sabah Alturfi
    Telecommunications Association Inc.
    Anomalous events such as link failure, misconfiguration, and Denial of Service attacks can affect the Internet inter-domain routing protocol. This effect can range from small to large-scale impact. While large-scale events can be detected using one or multiple global monitoring points, small-scale events need monitoring at the Autonomous System (AS) level. This paper presents a Real-time Detection Tool for Internet routing protocol Disruptions (RDTD) at AS-level. RDTD is a black-box statistical approach that detects disruptions based on observing changes in the underlying behaviour of a series of inter-domain routing updates rather than information contained in inter-domain routing updates. The RDTD can be connected to a designated AS to detect disruptions at that AS or to one of the collectors at public vantage points to detect the Internet routing disruptions from the public vantage-point’s view. The evaluation of the detection tool has been made through replaying route traffic related to one of the most well-known events within a controlled testbed. Our evaluation shows the ability of the detection tool to detect route leak in near real-time without requiring a long history of data. RDTD can also detect hidden anomalous behaviour in the underlying traffic that may pass without detection.

  • Energy-Balanced and Distributed Clustering Protocol for IoT Wireless Sensors
    Mohammed Falih Hassan, Shiva Raj Pokhrel, and Bahaa Al-Musawi
    IEEE
    With the ensuing massive communication demands required for IoT Wireless Sensor Networks (WSNs), conventional routing protocols in wireless networks are not applicable to the massive IoT sensors networking. Consequently, a new type of protocols called energy-aware routing protocols have been proposed. Major design goals of such protocols are to uniformly distribute energy consumption among the IoT nodes and minimize the energy dissipation optimally. In this paper, we develop a novel Energy Balanced Distributed Clustering protocol (EBDC) to minimize the energy consumption among sensor nodes uniformly. Moreover, the proposed EBDC is based on an adaptive clustering and re-clustering process. We evaluate the proposed protocol on different energy-based WSNs protocols. Our evaluation shows EBDC achieves a notable enhancement in terms of balanced energy consumption and extended network lifetime compared to the other existing protocols. Besides, we propose a new metric for the evaluation of protocols.

  • Identifying OSPF LSA falsification attacks through non-linear analysis
    Bahaa Al-Musawi, Philip Branch, Mohammed Falih Hassan, and Shiva Raj Pokhrel
    Elsevier BV

  • Recurrence behaviour of BGP traffic
    Bahaa Al-Musawi, Philip Branch, and Grenville Armitage
    IEEE
    The Border Gateway Protocol (BGP) is an Internet routing protocol responsible for exchanging network reachability information between Autonomous Systems (ASes). Monitoring and mining BGP traffic are important aspects to understand and improve the stability of the Internet. However, identifying the characteristics of BGP traffic is much harder than it seems at a first glance where BGP traffic has been identified as complex, voluminous, and noisy. In this paper, we show that BGP traffic can be understood as an aggregation of oscillations of different frequencies from different ASes. Using linear and nonlinear statistical analysis, we show that BGP traffic shows recurrent behaviour. The source of this behaviour is unsynchronised periodic behaviour from a set of ASes.

  • BGP Anomaly Detection Techniques: A Survey
    Bahaa Al-Musawi, Philip Branch, and Grenville Armitage
    Institute of Electrical and Electronics Engineers (IEEE)
    The border gateway protocol (BGP) is the Internet’s default inter-domain routing protocol that manages connectivity among autonomous systems (ASes). Over the past two decades many anomalies of BGP have been identified that threaten its stability and reliability. This survey discusses and classifies these anomalies and discusses the 20 most significant techniques used to identify them. Our classification is based on the broad category of approach, BGP features used to identify the anomaly, effectiveness in identifying the anomaly and effectiveness in identifying which AS was the location of the event that caused the anomaly. We also discuss a number of key requirements for the next generation of BGP anomaly detection techniques.

  • Detecting BGP instability using Recurrence Quantification Analysis (RQA)
    Bahaa Al-Musawi, Philip Branch, and Grenville Armitage
    IEEE
    The Border Gateway Protocol (BGP) is the default Internet routing protocol that manages connectivity among Autonomous Systems (ASes). Although BGP disruptions are rare, when they occur the consequences can be very damaging. Consequently there has been considerable effort aimed at understanding what is normal and abnormal BGP traffic and, in so doing, enable potentially disruptive anomalous traffic to be identified quickly. In this paper, we make two contributions. We show that over time BGP messages from BGP speakers have deterministic, recurrence and non-linear properties, then build on this insight to introduce the idea of using Recurrence Quantification Analysis (RQA) to detect BGP instability. RQA can be used to provide rapid identification of traffic anomalies that can lead to BGP instability. Furthermore, RQA is able to detect abnormal behaviours that may pass without observation.

RECENT SCHOLAR PUBLICATIONS

  • Novel Data-Driven Geolocation Approach for Detecting Smuggled Internet Traffic
    B Al-Musawi, D Shehada, AJ Hussain
    IEEE Access 2025

  • Enhancing Cloud Network Security with Innovative Time Series Analysis
    A Al-Mazrawe, B Al-Musawi
    Journal of Internet Services and Applications 16 (1), 13-24 2025

  • Anomaly detection in cloud network: A review
    A Al-Mazrawe, B Al-Musawi
    BIO Web of Conferences 97, 00019 2024

  • A Comparative Study of IDS-Based Deep Learning Models for IoT Network
    BN Shaker, BQ Al-Musawi, MF Hassan
    Proceedings of the 2023 International Conference on Advances in Artificial 2023

  • Innovative fitness functions for robust energy management in WSNs
    MF Hassan, B Al-Musawi, AK Al-Janabi
    Journal of Network and Systems Management 31 (4), 76 2023

  • A new intrusion detection system based on using non-linear statistical analysis and features selection techniques
    A Al-Bakaa, B Al-Musawi
    Computers & Security 122, 102906 2022

  • Flow-based intrusion detection systems: A survey
    A Al-Bakaa, B Al-Musawi
    International Conference on Applications and Techniques in Information 2021

  • A survey of BGP anomaly detection using machine learning techniques
    NH Hammood, B Al-Musawi, AH Alhilali
    International Conference on Applications and Techniques in Information 2021

  • Using BGP features towards identifying type of BGP anomaly
    NH Hammood, B Al-Musawi
    2021 International Congress of Advanced Technology and Engineering (ICOTEN 2021

  • Improving the performance of intrusion detection system through finding the most effective features
    A Al-Bakaa, B Al-Musawi
    2021 International Congress of Advanced Technology and Engineering (ICOTEN), 1-9 2021

  • Internet of Things security techniques: A survey
    SM Alturfi, HA Marhoon, B Al-Musawi
    AIP Conference Proceedings 2290 (1) 2020

  • An advanced classification of cloud computing security techniques: A survey
    SM Alturfi, B Al-Musawi, HA Marhoon
    AIP Conference Proceedings 2290 (1) 2020

  • Design and implementation of fast floating point units for FPGAs
    MF Hassan, KF Hussein, B Al-Musawi
    Indonesian Journal of Electrical Engineering and Computer Science 19 (3 2020

  • RDTD: A tool for detecting internet routing disruptions at AS-level
    B Al-Musawi, MF Hassan, SM Alturfi
    Journal of Telecommunications and the Digital Economy 8 (2), 18-30 2020

  • Energy-balanced and distributed clustering protocol for IoT wireless sensors
    MF Hassan, SR Pokhrel, B Al-Musawi
    2020 IEEE Wireless Communications and Networking Conference Workshops (WCNCW 2020

  • Identifying OSPF LSA falsification attacks through non-linear analysis
    B Al-Musawi, P Branch, MF Hassan, SR Pokhrel
    Computer Networks 167, 107031 2020

  • Identifying recurrence behaviour in the underlying BGP traffic
    B Al-Musawi, P Branch
    IJICTA 4 (1), 34-47 2018

  • Identifying OSPF anomalies using recurrence quantification analysis
    B Al-Musawi, P Branch
    arXiv preprint arXiv:1805.08087 2018

  • Detecting BGP anomalies using recurrence quantification analysis
    B Al-Musawi
    Swinburne 2018

  • Real-Time BGP Anomaly Detection Tool (RTBADT)
    B Al-Musawi
    January 2018

MOST CITED SCHOLAR PUBLICATIONS

  • BGP anomaly detection techniques: A survey
    B Al-Musawi, P Branch, G Armitage
    IEEE Communications Surveys & Tutorials 19 (1), 377-396 2016
    Citations: 177

  • Mitigating DoS/DDoS attacks using iptables
    BQM AL-Musawi
    International Journal of Engineering & Technology 12 (3), 101-111 2012
    Citations: 48

  • Detecting BGP instability using recurrence quantification analysis (RQA)
    B Al-Musawi, P Branch, G Armitage
    2015 IEEE 34th International Performance Computing and Communications 2015
    Citations: 40

  • Using BGP features towards identifying type of BGP anomaly
    NH Hammood, B Al-Musawi
    2021 International Congress of Advanced Technology and Engineering (ICOTEN 2021
    Citations: 15

  • Recurrence behaviour of BGP traffic
    B Al-Musawi, P Branch, G Armitage
    2017 27th International Telecommunication Networks and Applications 2017
    Citations: 15

  • Identifying OSPF LSA falsification attacks through non-linear analysis
    B Al-Musawi, P Branch, MF Hassan, SR Pokhrel
    Computer Networks 167, 107031 2020
    Citations: 12

  • A new intrusion detection system based on using non-linear statistical analysis and features selection techniques
    A Al-Bakaa, B Al-Musawi
    Computers & Security 122, 102906 2022
    Citations: 11

  • Detecting BGP anomalies using recurrence quantification analysis
    B Al-Musawi
    Swinburne 2018
    Citations: 11

  • BGP Replay Tool (BRT) v0.2
    B Al-Musawi, R Al-Saadi, P Branch, G Armitage
    http://i4t.swin.edu.au/reports/I4TRL-TR-170606A.pdf 2017
    Citations: 10

  • A survey of BGP anomaly detection using machine learning techniques
    NH Hammood, B Al-Musawi, AH Alhilali
    International Conference on Applications and Techniques in Information 2021
    Citations: 8

  • Internet of Things security techniques: A survey
    SM Alturfi, HA Marhoon, B Al-Musawi
    AIP Conference Proceedings 2290 (1) 2020
    Citations: 6

  • Energy-balanced and distributed clustering protocol for IoT wireless sensors
    MF Hassan, SR Pokhrel, B Al-Musawi
    2020 IEEE Wireless Communications and Networking Conference Workshops (WCNCW 2020
    Citations: 6

  • Preventing brute force attack through the analyzing log
    ALM Bahaa
    Iraqi Journal of Science 53 (3), 663-667 2012
    Citations: 6

  • Anomaly detection in cloud network: A review
    A Al-Mazrawe, B Al-Musawi
    BIO Web of Conferences 97, 00019 2024
    Citations: 5

  • Flow-based intrusion detection systems: A survey
    A Al-Bakaa, B Al-Musawi
    International Conference on Applications and Techniques in Information 2021
    Citations: 5

  • Improving the performance of intrusion detection system through finding the most effective features
    A Al-Bakaa, B Al-Musawi
    2021 International Congress of Advanced Technology and Engineering (ICOTEN), 1-9 2021
    Citations: 4

  • An advanced classification of cloud computing security techniques: A survey
    SM Alturfi, B Al-Musawi, HA Marhoon
    AIP Conference Proceedings 2290 (1) 2020
    Citations: 4

  • Design and implementation of fast floating point units for FPGAs
    MF Hassan, KF Hussein, B Al-Musawi
    Indonesian Journal of Electrical Engineering and Computer Science 19 (3 2020
    Citations: 4

  • Innovative fitness functions for robust energy management in WSNs
    MF Hassan, B Al-Musawi, AK Al-Janabi
    Journal of Network and Systems Management 31 (4), 76 2023
    Citations: 3

  • RDTD: A tool for detecting internet routing disruptions at AS-level
    B Al-Musawi, MF Hassan, SM Alturfi
    Journal of Telecommunications and the Digital Economy 8 (2), 18-30 2020
    Citations: 3