Bahaa Al-Musawi - Academia.edu

Papers by Bahaa Al-Musawi

MITIGATING DoS/DDoS ATTACKS USING IPTABLES

International Journal of Engineering & Technology, 2012

Denial-of-Service (DoS) is a network security problem that constitutes a serious challenge to the reliability of services deployed on servers. The aim of DoS attacks is to exhaust a resource in the target system, reducing or completely subverting the availability of the service provided. The threat of DoS attacks has become even more severe with DDoS (Distributed Denial-of-Service) attacks, in which malicious users carry out a DoS attack indirectly with the help of many compromised computers on the Internet. Service providers are under mounting pressure to prevent, monitor and mitigate DoS/DDoS attacks directed toward their customers and their infrastructure. Defending against these types of attacks is not a trivial job, mainly due to the use of IP spoofing and the destination-based routing of the Internet, though there are many proposed methods which aim to alleviate the problem, such as firewalls, intrusion detection systems, ingress filtering, IP traceback, SYN proxies, etc. This paper discusses an efficient packet filtering technique using a firewall to defend against DoS/DDoS attacks. Firewall scripts are written using the command-line tool iptables in Linux to deny the suspicious traffic. A packet analyzer tool is used to showcase the effectiveness of the scripts in mitigating the various kinds of DoS/DDoS attacks.

PREVENTING BRUTE FORCE ATTACK THROUGH THE

Iraqi Journal of Science, 2012

Secure Shell (SSH) is a secure remote login program which can be used in place of regular telnet. It has become the default remote access method for administration of UNIX systems. It is very common for public Internet-facing servers to experience attacks that attempt to brute force username and password combinations via SSH to gain access. This paper examines these attacks using the SSH log file to find unsuccessful logins, then blocks the IP addresses of the unsuccessful logins for a period of time decided by the administrator, and then sends an e-mail to the administrator to consider whether the blocked addresses belong to users who failed to access the system or to an attacker; finally, the administrator blocks the attacker's IP address permanently. Some highly skilled attackers use a trusted IP address as a user name, so that the software blocks the IP address of the attacker as well as the victim IP address used by the attacker. In this paper, an adaptive mechanism was built in to distinguish between the attacker's IP address and a victim IP address which may be used by an attacker, so that the program blocks only the attacker's IP address.
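The log-driven blocking described in the abstract, written out as an added example (this is not the paper's own program). It parses constructed OpenSSH auth.log lines, counts failed logins per source, blocks sources over an administrator-chosen threshold for a chosen number of minutes, and contrasts a naive extraction, which also catches a trusted address typed as a user name, with a field-aware one that blocks only the attacker. The threshold, the block duration, the sample log and enforcement via iptables are assumptions of the example, not details given in the abstract.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample of OpenSSH auth.log lines (not taken from the paper).
# Lines 3 and 4 show the trick the abstract describes: the attacker at
# 203.0.113.7 types a trusted address, 198.51.100.20, as the *user name*.
SAMPLE_LOG = """\
Mar 10 10:01:02 host sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 10:01:04 host sshd[1234]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar 10 10:01:06 host sshd[1235]: Failed password for invalid user 198.51.100.20 from 203.0.113.7 port 51024 ssh2
Mar 10 10:01:08 host sshd[1236]: Failed password for invalid user 198.51.100.20 from 203.0.113.7 port 51025 ssh2
Mar 10 10:02:00 host sshd[1300]: Failed password for alice from 198.51.100.20 port 40000 ssh2
Mar 10 10:02:30 host sshd[1300]: Accepted password for alice from 198.51.100.20 port 40001 ssh2
"""

# Structured match: the offending source is only ever the "from <addr>" field.
FAILED_RE = re.compile(
    r"^\w{3}\s+\d+ \d\d:\d\d:\d\d \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)
ANY_IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def naive_failed_ips(log: str) -> Counter:
    """Counts every IPv4-looking token on a 'Failed password' line.
    Blocking on this counter is what hits the victim: the trusted address the
    attacker typed as a user name is counted as if it were a source."""
    hits = Counter()
    for line in log.splitlines():
        if "Failed password" in line:
            hits.update(ANY_IPV4_RE.findall(line))
    return hits


def adaptive_failed_ips(log: str) -> Counter:
    """Counts only the 'from <addr>' field, so a user name that merely looks
    like an address is never treated as the offending source."""
    hits = Counter()
    for line in log.splitlines():
        m = FAILED_RE.match(line)
        if m:
            hits[m.group("src")] += 1
    return hits


def block_decisions(hits: Counter, threshold: int = 3, block_minutes: int = 30,
                    now: datetime = None) -> dict:
    """Maps each source at or over the threshold to its temporary block expiry.
    Threshold and duration are the administrator-chosen values; both defaults
    are assumptions of this example."""
    now = now or datetime.now()
    expiry = now + timedelta(minutes=block_minutes)
    return {ip: expiry for ip, n in hits.items() if n >= threshold}


def iptables_rules(blocked: dict) -> list:
    """Renders one DROP rule per blocked source.  Enforcing with iptables is an
    assumption of this example; the commands are returned, not executed."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(blocked)]


if __name__ == "__main__":
    now = datetime(2012, 3, 10, 10, 3, 0)
    naive = block_decisions(naive_failed_ips(SAMPLE_LOG), now=now)
    adaptive = block_decisions(adaptive_failed_ips(SAMPLE_LOG), now=now)
    print("naive would block:   ", sorted(naive))     # attacker and the victim 198.51.100.20
    print("adaptive blocks only:", sorted(adaptive))  # just 203.0.113.7
    for rule in iptables_rules(adaptive):
        print(rule)
```

The e-mail to the administrator and the permanent block are left out; the point is the decision step. On a real host, feed the parser from the journal or auth.log incrementally and expire entries from the returned dict when `now` passes the stored expiry.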

Recurrence Behaviour of BGP Traffic

ITNAC, 2017

The Border Gateway Protocol (BGP) is an Internet routing protocol responsible for exchanging network reachability information between Autonomous Systems (ASes). Monitoring and mining BGP traffic are important aspects of understanding and improving the stability of the Internet. However, identifying the characteristics of BGP traffic is much harder than it seems at first glance, as BGP traffic has been identified as complex, voluminous, and noisy. In this paper, we show that BGP traffic can be understood as an aggregation of oscillations of different frequencies from different ASes. Using linear and nonlinear statistical analysis, we show that BGP traffic exhibits recurrent behaviour. The source of this behaviour is unsynchronised periodic behaviour from a set of ASes.

Detecting BGP Instability Using Recurrence Quantification Analysis (RQA)

IPCCC, 2015

The Border Gateway Protocol (BGP) is the default Internet routing protocol that manages connectivity among Autonomous Systems (ASes). Although BGP disruptions are rare, when they occur the consequences can be very damaging. Consequently, there has been considerable effort aimed at understanding what is normal and abnormal BGP traffic and, in so doing, enabling potentially disruptive anomalous traffic to be identified quickly. In this paper, we make two contributions. We show that over time BGP messages from BGP speakers have deterministic, recurrent and non-linear properties, then build on this insight to introduce the idea of using Recurrence Quantification Analysis (RQA) to detect BGP instability. RQA can be used to provide rapid identification of traffic anomalies that can lead to BGP instability. Furthermore, RQA is able to detect abnormal behaviours that may otherwise pass unobserved.

BGP Replay Tool (BRT) v0.2

Internet for Things (I4T) Research Lab, 2017

This technical report describes the operation of BGP Replay Tool v0.2 (BRT v0.2), a tool to replay past BGP updates with their time stamps. Compared to other BGP replay and injection tools, BRT v0.2 does not require kernel modification of the host's OS, supports different BGP attributes, and supports sending IPv6 BGP updates and peering over IPv6. The evaluation of this tool has been done using real Cisco routers, Quagga and Virtual Internet Routing Lab (VIRL) as controlled testbeds.

BGP Replay Tool (BRT) v0.1

BGP Anomaly Detection Techniques: A Survey

The Border Gateway Protocol (BGP) is the Internet's default inter-domain routing protocol that manages connectivity among Autonomous Systems (ASes). Over the past two decades many anomalies of BGP have been identified that threaten its stability and reliability. This paper discusses and classifies these anomalies and discusses the 20 most significant techniques used to identify them. Our classification is based on the broad category of approach, the BGP features used to identify the anomaly, effectiveness in identifying the anomaly, and effectiveness in identifying which AS was the location of the event that caused the anomaly. We also discuss a number of key requirements for the next generation of BGP anomaly detection techniques.

A New Steganography System Based on a Hybrid Transform

In this paper a secret-key steganographic system is illustrated which embeds four gray-scale secret images of size (128 × 128) pixels into a cover image of size (512 × 512) pixels. The techniques used in this project to analyze the cover into its frequency components are a Wavelet transform and a new transform that is called the Hybrid transform. The Hybrid transform overcomes the weakness of the Wavelet transform in higher dimensions; with this transform we have orthonormality. The Hybrid transform is its own inverse: the inverse transform uses the same algorithm as the forward transform.

Drafts by Bahaa Al-Musawi

Identifying OSPF Anomalies Using Recurrence Quantification Analysis

arXiv, 2018

Open Shortest Path First (OSPF) is one of the most widely used routing protocols for managing intra-domain routing. Many serious security issues have been identified in OSPF. LSA falsification is one of the most critical vulnerabilities; it can cause routing loops and black holes. Network operators need to rapidly identify such anomalies. Network operators also need to identify hardware failures. In this paper, we investigate the capability of Recurrence Quantification Analysis (RQA), an advanced non-linear statistical analysis technique, to identify OSPF anomalies. We evaluate the capability of RQA to identify OSPF anomalies using a controlled testbed where we introduced different types of LSA falsification as well as hardware failures. Our evaluation shows that RQA can rapidly detect OSPF anomalies.
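Both the BGP paper (IPCCC 2015) and this OSPF draft rest on the same two RQA quantities, so one added example serves both. It is not the authors' code: it builds the recurrence matrix of a time-delay embedded series and computes the recurrence rate (RR, the density of recurrence points) and determinism (DET, the share of recurrence points lying on diagonal lines), then shows how both fall when a burst breaks an otherwise recurrent count of routing updates per time bin. The two series, the embedding parameters and the threshold eps are constructed assumptions, not measurements or settings from either paper.

```python
"""Recurrence Quantification Analysis (RQA) of a routing-update count series.

Constructed data, not measurements from either paper: NORMAL is a purely
periodic count of updates per time bin, ANOMALOUS is the same pattern with a
burst injected in the last six bins (standing in for an instability event).
"""

PERIOD = [2, 5, 9, 5, 2, 1]                      # updates per bin, one cycle
NORMAL = PERIOD * 5                              # 30 bins of recurrent traffic
ANOMALOUS = PERIOD * 4 + [31, 5, 9, 47, 58, 20]  # burst replaces the last cycle


def embed(series, dim=2, delay=1):
    """Time-delay embedding: each point becomes a vector of `dim` lagged samples."""
    n = len(series) - (dim - 1) * delay
    return [tuple(series[i + k * delay] for k in range(dim)) for i in range(n)]


def recurrence_matrix(vectors, eps):
    """R[i][j] = 1 when the two state vectors lie within eps (Chebyshev norm)."""
    n = len(vectors)
    return [[1 if max(abs(a - b) for a, b in zip(vectors[i], vectors[j])) <= eps else 0
             for j in range(n)] for i in range(n)]


def recurrence_rate(R):
    """RR: density of recurrence points over the whole matrix."""
    n = len(R)
    return sum(map(sum, R)) / (n * n)


def determinism(R, lmin=2):
    """DET: share of recurrence points on diagonal lines of length >= lmin.
    The main diagonal is excluded; R is symmetric, so the upper triangle gives
    the same ratio as the full matrix."""
    n = len(R)
    total = on_lines = 0
    for k in range(1, n):                 # k-th diagonal above the main one
        run = 0
        for i in range(n - k):
            if R[i][i + k]:
                run += 1
                total += 1
            else:
                if run >= lmin:
                    on_lines += run
                run = 0
        if run >= lmin:
            on_lines += run
    return on_lines / total if total else 0.0


def rqa_measures(series, dim=2, delay=1, eps=0.5, lmin=2):
    """Returns (RR, DET) for one window of the series.  With integer counts,
    eps=0.5 means 'identical state vectors recur'; on real counts eps is
    normally set as a fraction of the series' standard deviation."""
    R = recurrence_matrix(embed(series, dim, delay), eps)
    return recurrence_rate(R), determinism(R, lmin)


if __name__ == "__main__":
    for name, s in (("normal", NORMAL), ("anomalous", ANOMALOUS)):
        rr, det = rqa_measures(s)
        print(f"{name:10s} RR={rr:.3f} DET={det:.3f}")
```

For the periodic series every recurrence point sits on a full diagonal, so DET is exactly 1; the burst adds state vectors that recur either never or only as isolated points (the lone `5, 9` pair), which lowers both RR and DET. Running the measures over a sliding window of live update counts and alarming on a drop in DET is the detection idea the abstracts describe.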