Mudhafar M Al-Jarrah - Academia.edu (original) (raw)

Papers by Mudhafar M Al-Jarrah

2018 11th International Conference on Developments in eSystems Engineering (DeSE), 2018

Various steganalysis methods have been introduced in the literature. These methods have been deve... more Various steganalysis methods have been introduced in the literature. These methods have been developed to combat specific steganography techniques and to detect data hidden in specific image formats. However, no single steganalysis method or tool can detect all types of steganography or support all available image formats. One of the problems is the need for a more general system to cover different types of image formats and the ability to detect a wider range of stego images, as blindly created by many steganography methods. This paper has presented an image steganalysis system to distinguished between clean and stego images using three different techniques. The first technique is the extraction of a large number of image features from the colour gradient cooccurrence matrix (CGCM). The second is the extraction of a number of histogram features by exploiting the histogram of difference image, which is usually a generalised Gaussian distribution centred at 0. Finally, the CGCM features and histogram features tested were merged to improve the performance of the system. Merging two different types of features allows one to take advantage of the beneficial properties of each in order to increase system ability in terms of detection. The experimental results demonstrate that the proposed system possesses reliable detection ability and accuracy. The proposed system is a more generalized detector than previous systems, covering a wider variety of stego image types and image formats. In addition, experimental results show that the proposed steganalysis system performed considerably better than some previous detection methods.

Proceedings of the International Conference on Future Networks and Distributed Systems, 2017

In this paper, we present an image steganalysis model with a new texture feature set that is desi... more In this paper, we present an image steganalysis model with a new texture feature set that is designed to take into consideration the pattern of embedding locations in a cover image. The chosen feature set in based on statistical texture features of images including gray level co-occurrence matrix (GLCM), Entropy, and additional statistical image features that can discriminate between clean and stego images. The guiding principle in choosing the feature set elements is that steganography techniques embed secret data in the right half-byte of an image's bytes, the least significant bits, to avoid perceptible visual distortion that can result from embedding in the left half-bytes. Therefore, the proposed features are applied to 2-LSB, 3-LSB and 4-LSB bit planes of a cover image as well as the full-bytes. For the experimental work, the grayscale single-channel image format was chosen for cover images, and we used the public BossBase1.01 dataset which consists of 10,000 PGM images. The selected classifier was the Support Vector Machine algorithm as implemented in MATLAB. Embedding of data in the cover images was based on 2LSB and 4LSB spatial domain schemes. The feature vectors of clean images, 2LSB stego images and 4LSB stego images, 10,000 each, were analyzed. The detection accuracy results of the validation phase was 99.41% for the combined clean and 4LSB images, and 99.02% for the clean and 2LSB stego images. The paper ends with conclusion and suggestions for applying the proposed model to multi-channel images, and for dealing with alternative steganography schemes.

2019 2nd International Conference on Signal Processing and Information Security (ICSPIS), 2019

This paper investigates the design of anomaly detectors and feature sets for Personal Information... more This paper investigates the design of anomaly detectors and feature sets for Personal Information Number (PIN) authentication on mobile devices. The work involved a selection of raw data feature sets that are extracted from mobile devices, such as finger area, pressure, and timestamp. A set of primary and secondary authentication features have been formulated, which are calculated from the raw data features. The anomaly detectors are based on the outlier concept, where an input PIN's calculated feature is classified as imposter value if it is outside an acceptable zone from a central value such as the mean or median of a set of training values. The Z-Score method is used as the distance function of the anomaly detectors, and three versions are investigated; the standard deviation-based Z-Score, the modified Z-Score which uses the Median-Absolute-Deviation (MAD) and the Average-Absolute-Deviation (AAD) Z-Score function. The three single models are combined into ensemble models. Experimental work resulted in a PIN dataset from 70 subjects, where the data included genuine and imposter PIN data. The primary and secondary authentication features dataset were calculated from the raw features dataset. The results showed that the merged AAD and MAD ensemble model achieved the lowest error rate.

2016 9th International Conference on Developments in eSystems Engineering (DeSE), 2016

This paper presents a keystroke dynamics system for mobile devices that employs a statistical dis... more This paper presents a keystroke dynamics system for mobile devices that employs a statistical distance-to-median anomaly detector. The selected feature set combines the keystroke timing features of hold and latency and the touch screen features of pressure and finger area. The proposed system consists of two modules: training and testing. The aim of the system is to be a research tool to serve two purposes: (i) the generation of a model-independent dataset of keystroke data on mobile devices, for comparison of keystroke dynamics anomaly detectors, (ii) to be used in the evaluation of the authentication performance of the implemented distance-to-median anomaly detector. The system works in the Android environment on Nexus smartphones and tablets. The experimental work has generated a dataset of 2856 records from 56 subjects, 51 records per subject, where each record represents 71 feature elements resulting from the typing of a standard 10-character password. Statistical analysis of the collected dataset showed an equal-error-rate (EER) of 0.049 when using a different pass-mark per subject, and 0.054 when using a global pass-mark for all subjects. The EER results are much lower than previously published results using three distance-based verification models. Also, the false-acceptance-rate at 5% false-rejection-rate is 5.6%, which is much lower than previously published results, but it is still high and needs to be reduced. Evaluation of the testing (authentication) part of the system was carried out through test runs where a genuine user enters his user-id and password as a login attempt, and the resulting test vector of feature elements are matched against the stored template of the user. The login attempt is classified as genuine or impostor based on a preset pass-mark. Conclusions and suggestions for future work are presented.

2019 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI), 2019

The use of behavioral biometrics in user authentication has recently moved to new security applic... more The use of behavioral biometrics in user authentication has recently moved to new security application areas, one of which is verifying finger-drawn signatures and PIN codes. This paper investigates the design of anomaly detectors and feature sets for graphic signature authentication on touch devices. The work involved a selection of raw data feature sets that are extracted from modern mobile devices, such as finger area, pressure, velocity, acceleration, gyroscope, timestamp and position coordinates. A set of computed authentication features are formulated, derived from the raw features. The proposed anomaly detector is based on the outlier method, using three versions of the Z-Score distance metric. The proposed feature sets and anomaly detectors are implemented as a data collection and dynamic authentication system on an Android tablet. Experimental work resulted in collecting a signature dataset that included genuine and forged signatures. The dataset was analyzed using the Equal-Error-Rate (EER) metric. The results for random forgery and skilled forgery showed that the Z-Score anomaly detector with 3.5 standard deviations distance from the mean produced the lowest error rates. The skilled forgery error rates were close to random forgery error rates, indicating that behavioral biometrics are the key factors in detecting forgeries, regardless of pre-knowledge of the signature's shape.

2016 9th International Conference on Developments in eSystems Engineering (DeSE), 2016

Steganography, the technology of protecting a secret message by embedding it inside a cover image... more Steganography, the technology of protecting a secret message by embedding it inside a cover image, continues to be investigated and enhanced as an alternative data protection method. This paper deals with hiding multimedia files in true color RGB cover images with an emphasis on reducing the cover size, increasing hiding capacity and enhancing security of the hidden data. A proposed model (DuoHide) is presented in which a secret multimedia file, regardless of its type, is processed without un-compression, and divided between two cover images of equal size and dimensions. The multimedia file is read as a stream of bytes and split vertically into two parts, one part contains the least significant half-bytes, and the other part contains the most significant half-bytes. The two parts are hidden inside two uncompressed RGB cover images using a least significant 4-bit replacement technique. The resulting dual stego images are expected to be sent separately, through different channels, to ...

Computer Engineering and Intelligent Systems, 2014

The analysis of digital images for content discovery is a process of identifying and classifying ... more The analysis of digital images for content discovery is a process of identifying and classifying patterns and subimages that can lead to recognizing contents of the processed image. The image content analysis system presented in this paper aims to provide the machine with the capability to simulate in some sense, a similar capability in human beings. The developed system consists of three levels. In the low level, image clustering is performed to extract features of the input data and to reduce dimensionality of the feature space. Classification of the scene images are carried out using a single layer neural network, trained through Kohonen's self-organizing algorithm, with conscience function, to produce a set of equi-probable weights vector. The intermediate level consists of two parts. In the first part an image is partitioned into homogeneous regions with respect to the connectivity property between pixels, which is an important concept used in establishing boundaries of objects and component regions in an image. For each component, connected components can be determined by a process of component labeling. In the second part, feature extraction process is performed to capture significant properties of objects present in the image. In the high level; extracted features and relations of each region in the image are matched against the stored object models using the genetic algorithm approach. The implemented system is used in the analysis and recognition of colored images that represent natural scenes.

2018 11th International Conference on Developments in eSystems Engineering (DeSE), 2018

This paper presents a steganalysis model that uses an enhanced grayscale statistical feature set,... more This paper presents a steganalysis model that uses an enhanced grayscale statistical feature set, in the detection of data hiding in uncompressed RGB color images. A dataset of 3000 RGB images is created, using natural images from public sources, in TIFF and JPEG formats, that are converted to BMP format and resized to 512x512 pixels. The clean images are embedded with secret image data, using two payload schemes, 2 bits per channel (bpc) and 4 bits per channel. The selected feature set consists of 24 features per color channel, 72 features per image, which includes the Gray Level Co-Occurrence Matrix (GLCM) features, Entropy features, and statistical measures of variation. The feature set elements are calculated for individual channels, combined into image features vector. The steganalysis process is based on supervised machine learning, utilizing the Support Vector Machine (SVM) binary classifier's implementation in MATLAB. The results show very high detection accuracy for the two cases of 2-bpc and 4-bpc embedding schemes. Also, there are no noticeable differences in the detection accuracy between the two sources of images, even though un-compression of the JPEG images has reduced their noise contents. The paper ends with a conclusion and suggestions for future work.

Proceedings of the 2019 2nd International Conference on Information Hiding and Image Processing, 2019

First, I would like to thank Allah for the strength and patience he had given me to finish this w... more First, I would like to thank Allah for the strength and patience he had given me to finish this work. This work could not have been achieved without having faith that Allah is there to support and help me. May he bless everyone who was there for me during my studying period.

Proceedings of the 2019 2nd International Conference on Information Hiding and Image Processing, 2019

This dataset contains 3000 RGB-BMP images, dimensions 512x512, for steganography, steganalysis an... more This dataset contains 3000 RGB-BMP images, dimensions 512x512, for steganography, steganalysis and similar image processing applications.

—Steganography, the technology of protecting a secret message by embedding it inside a cover imag... more —Steganography, the technology of protecting a secret message by embedding it inside a cover image, continues to be investigated and enhanced as an alternative data protection method. This paper deals with hiding multimedia files in true color RGB cover images with an emphasis on reducing the cover size, increasing hiding capacity and enhancing security of the hidden data. A proposed model (DuoHide) is presented in which a secret multimedia file, regardless of its type, is processed without un-compression, and divided between two cover images of equal size and dimensions. The multimedia file is read as a stream of bytes and split vertically into two parts; one part contains the least significant half-bytes, and the other part contains the most significant half-bytes. The two parts are hidden inside two uncompressed RGB cover images using a least significant 4-bit replacement technique. The resulting dual stego images are expected to be sent separately, through different channels, to avoid capture of both stego files by an adversary. Extraction of the secret file is achieved through merging LSB half-bytes from the two stego files. The extracted file is identical in content and structure with the original secret file. The implemented DuoHide system was evaluated using a set of public multimedia files; images, audios, and videos, of various sizes. The secret file sizes ranged from 5% to about 100% of the cover image's size. The experimental results showed that even at the highest embedding ratio, which is based on the secret-to-cover ratio, there were no perceptible visual differences between cover and stego images. The PNSR value was calculated as PSNR1, for cover1 and stego1, and PSNR2 for cover2 and stego2. The lowest PSNR value was around 31 dB for the highest embedding ratio, which is considered acceptable concerning statistical imperceptibility. The PSNR value increased as the embedding ratio decreased, reaching around 65 Decibel (dB) for the case of 5% secret-to-cover ratio. The integrity of the extracted secret file was verified through a bitwise comparison between original and extracted files, which showed zero differences. The DuoHide model is expected to provide better security for the hidden file, in case an attacker manages to capture one of the stego images and recover the hidden content because the attacker will only get an incomprehensible set of half-byte bits. An additional advantage of using a pair of stego files is that of reducing stego file size by 50%, to avoid problems and limitations of transmitting large files, especially that multimedia files are often large, and they cannot be compressed because they are already compressed. Security of the DuoHide system can further be improved by randomizing storage locations within the two stego images.

—This paper presents a keystroke dynamics system for mobile devices that employs a statistical di... more —This paper presents a keystroke dynamics system for mobile devices that employs a statistical distance-to-median anomaly detector. The selected feature set combines the keystroke timing features of hold and latency and the touch screen features of pressure and finger area. The proposed system consists of two modules: training and testing. The aim of the system is to be a research tool to serve two purposes: (i) the generation of a model-independent dataset of keystroke data on mobile devices, for comparison of keystroke dynamics anomaly detectors; (ii) to be used in the evaluation of the authentication performance of the implemented distance-to-median anomaly detector. The system works in the Android environment on Nexus smartphones and tablets. The experimental work has generated a dataset of 2856 records from 56 subjects, 51 records per subject, where each record represents 71 feature elements resulting from the typing of a standard 10-character password. Statistical analysis of the collected dataset showed an equal-error-rate (EER) of 0.049 when using a different pass-mark per subject, and 0.054 when using a global pass-mark for all subjects. The EER results are much lower than previously published results using three distance-based verification models. Also, the false-acceptance-rate at 5% false-rejection-rate is 5.6%, which is much lower than previously published results, but it is still high and needs to be reduced. Evaluation of the testing (authentication) part of the system was carried out through test runs where a genuine user enters his user-id and password as a login attempt, and the resulting test vector of feature elements are matched against the stored template of the user. The login attempt is classified as genuine or impostor based on a preset pass-mark. Conclusions and suggestions for future work are presented.

2016 Sixth International Conference on Digital Information Processing and Communications (ICDIPC), 2016

Many image-processing algorithms are particularly suited to parallel computing, as they process i... more Many image-processing algorithms are particularly suited to parallel computing, as they process images that are difficult and time consuming to analyse. In particular, medical images of tissues tend to be very complex with great irregularity and variability in shapes. Furthermore, existing algorithms contain explicit parallelism, which can be efficiently exploited by processing arrays. A good example of an image processing operation is the geometric rotation of a rectangular bitmap. This paper presents a set of systolic array designs for implementing the geometric rotation algorithms of images on VLSI processing arrays. The examined algorithm performs a trigonometric transformation on each pixel in an image. The design is implemented as a distributed computing system of networked computers using Parallel Virtual Machine (PVM) model. Each node (computer) in the network takes part in the task in hand – such as image processing – using message passing. Comments and conclusions about th...

International Journal of Academic Research, 2013

Image content analysis is the process of discovering and understanding patterns that are relevant... more Image content analysis is the process of discovering and understanding patterns that are relevant to the performance of an image based task. One of the principal goals of image content analysis is to equip a computer system, in an approximate sense, with image analysis capabilities similar to the way human beings perform such analysis. This paper presents a novel approach which combines two methods: Neural Networks and Semantic Networks. An image content analysis system is presented, which consists of three levels. In the low level, image clustering is performed to extract the features of the input data and to reduce the dimensionality of the feature space. Classification of the scene images are carried out through a single layer neural network, trained using Kohonen's competitive learning algorithm, with conscience function to produce a set of equi-probable weight vector. The intermediate level consists of two parts. In the first part an image is partitioned into homogeneous regions with respect to the connectivity property between pixels, which is an important concept used in establishing boundaries of objects and component regions in an image. For each component, connected components can be determined by a process called component labeling. In the second part, feature extraction process is performed to capture significant properties of objects present in the image. The semantic networks approach is used to represent the features. In the high level; extracted features and relations of each region in the image are matched against the stored object models using a knowledge-based recognition and interpretation approach. The images used for recognition in this work are colored images that represent natural scenes. The images are analyzed using the content analysis system developed in this work, and results of the analysis are presented, showing recognition for each part of an image.

This paper presents an anomaly detector for keystroke dynamics authentication, based on a statist... more This paper presents an anomaly detector for keystroke dynamics authentication, based on a statistical measure of proximity, evaluated through the empirical study of an independent benchmark of keystroke data. A password typing-rhythm classifier is presented, to be used as an anomaly detector in the authentication process of genuine users and impostors. The proposed user authentication method involves two phases. First a training phase in which a user typing profile is created through repeated entry of password. In the testing phase, the password typing rhythm of the user is compared with the stored typing profile, to determine whether it is a genuine user or an impostor. The typing rhythm is obtained through keystroke timings of key-down / key-up of individual keys and the latency between keys. The training data is stored as a typing profile, consisting of a vector of median values of elements of the feature set, and as a vector of standard deviations for the same elements. The proposed classifier algorithm computes a score for the typing of a password to determine authenticity. A measure of proximity is used in the comparison between feature set medians vector and feature set testing vector. Each feature in the testing vector is given a binary score of 1 if it is within a proximity distance threshold from the stored median of that feature, otherwise the score is 0. The proximity distance threshold for a feature is chosen to be the standard deviation of that feature in the training data. The typing of a password is classified as genuine if the accumulated score for all features meet a minimum acceptance threshold. Analysis of the benchmark dataset using the proposed classifier has given an improved anomaly detection performance in comparison with results of 14 algorithms that were previously tested using the same benchmark.

2018 11th International Conference on Developments in eSystems Engineering (DeSE), 2018

Proceedings of the International Conference on Future Networks and Distributed Systems, 2017

2019 2nd International Conference on Signal Processing and Information Security (ICSPIS), 2019

2016 9th International Conference on Developments in eSystems Engineering (DeSE), 2016

Computer Engineering and Intelligent Systems, 2014

2018 11th International Conference on Developments in eSystems Engineering (DeSE), 2018

Proceedings of the 2019 2nd International Conference on Information Hiding and Image Processing, 2019

2016 Sixth International Conference on Digital Information Processing and Communications (ICDIPC), 2016

International Journal of Academic Research, 2013