Qutaibah Althebyan | Jordan University of Science and Technology (original) (raw)

Papers by Qutaibah Althebyan

Research paper thumbnail of Design and analysis of knowledge-base centric insider threat models

... I would also like to thank Dr. Gordon Beavers, Dr. Dale Thompson, and Dr. Nebil Buyurgan for ... more ... I would also like to thank Dr. Gordon Beavers, Dr. Dale Thompson, and Dr. Nebil Buyurgan for serving in my dissertation committee and ... my love, thanks and gratitude for my great family; my great wife Eman Almasri and my great lovely kids Anas, Abdurrahman, and Mohammad. ...

Research paper thumbnail of Mitigating insider threats in a cloud using a knowledgebase approach while maintaining data availability

2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), 2015

Research paper thumbnail of Towards improving resource management in cloud systems using a multi-agent framework

International Journal of Cloud Computing, 2016

With the goal of efficient sharing of resources and services, the cloud computing paradigm has ga... more With the goal of efficient sharing of resources and services, the cloud computing paradigm has gained a lot of interest recently. Using a pay-per-use model, the customers can access the available resources and services in an on-demand dynamically-scalable manner. This work focuses on improving the resource utilization by optimizing the resource provisioning which leads to many benefits such as reduced cost, improved customers experience, shortened completion time, etc. These objectives are achieved by utilizing a multi-agent framework in which different agents are responsible for different tasks including the monitoring of customers (behavior, resource usage patterns and quality of service (QoS) requirements as stated in the service level agreement (SLA)) and available resources as well as the provisioning of resources based on customers requests. Moreover, we introduce the concept of TaskFlow which allows a more elastic provisioning of the resources to match the customer real usage of the resources. The proposed system is implemented and tested on the CloudSim simulator and the results show it increases resource utilization and decreases power consumption while avoiding SLA violations. The results also show that the introduction of the concept of TaskFlow into our proposed system leads to more resource saving but with a higher risk of SLA violations.

Research paper thumbnail of Cloud support for large scale e-healthcare systems

Annals of Telecommunications, 2016

Research paper thumbnail of Multi-Agent Based Dynamic Resource Provisioning and Monitoring In Cloud Computing Systems

The cloud computing paradigm provides a shared pool of resources and services with different mode... more The cloud computing paradigm provides a shared pool of resources and services with different models delivered to the customers through the Internet via an on-demand dynamically-scalable form charged using a pay-per-use model. The main problem we tackle in this paper is to optimize the resource provisioning task by shortening the completion time for the customers' tasks while minimizing the associated cost.

Research paper thumbnail of Multi-agent based dynamic resource provisioning and monitoring for cloud computing systems infrastructure

Cluster Computing, 2015

The cloud computing paradigm provides a shared pool of resources and services with different mode... more The cloud computing paradigm provides a shared pool of resources and services with different models delivered to the customers through the Internet via an on-demand dynamically-scalable form charged using a pay-per-use model. The main problem we tackle in this paper is to optimize the resource provisioning task by shortening the completion time for the customers' tasks while minimizing the associated cost.

Research paper thumbnail of An Empirical Study of the Effect of Power Law Distribution on the Interpretation of OO Metrics

ISRN Software Engineering, 2013

Context. Software metrics are surrogates of software quality. Software metrics can be used to fin... more Context. Software metrics are surrogates of software quality. Software metrics can be used to find possible problems or chances for improvements in software quality. However, software metrics are numbers that are not easy to interpret. Previous analysis of software metrics has shown fat tails in the distribution. The skewness and fat tails of such data are properties of many statistical distributions and more importantly the phenomena of the power law. These statistical properties affect the interpretation of software quality metrics. Objectives. The objective of this research is to validate the effect of power laws on the interpretation of software metrics. Method. To investigate the effect of power law properties on software quality, we study five open-source systems to investigate the distribution and their effect on fault prediction models. Results. Study shows that power law behavior has an effect on the interpretation and usage of software metrics and in particular the CK metrics. Many metrics have shown a power law behavior. Threshold values are derived from the properties of the power law distribution when applied to open-source systems. Conclusion. The properties of a power law distribution can be effective in improving the fault-proneness models by setting reasonable threshold values.

Research paper thumbnail of Detection of Insiders Misuse in Database Systems

Almost all systems all over the world suffer from outsider and insider attacks. Outsider attacks ... more Almost all systems all over the world suffer from outsider and insider attacks. Outsider attacks are those that come from outside the system, however, insider attacks are those that are launched from insiders of the system. In this paper we concentrate on insider attacks detection on the application level; database is our focus. Insider attacks differ from outsider attacks in many ways; most importantly, insiders have more knowledge about the underlying systems. Because of their knowledge and their privileges of the system resources; their risk can be greater and more severe. In fact, insiders can find vulnerabilities in the system easily. Several techniques have been proposed that tackled the insider threat problem, but most of them concentrate on insider threat detection in computer system level. We describe a method for insider threat detection in database systems that handle entrants on the role of insiders for such attacks. Our simulation results show resistance against such at...

Research paper thumbnail of Multi-threading based Map Reduce tasks scheduling

2014 5th International Conference on Information and Communication Systems (ICICS), 2014

Map Reduce is a parallel and a distributed computing framework used to process datasets that have... more Map Reduce is a parallel and a distributed computing framework used to process datasets that have large scale nature on a cluster. Due to the nature of data that needs to be handled in the Map Reduce problem which involves huge amount of data, many problems came up that are of great importance. Scheduling tasks is considered one of these major problems that face Map Reduce frameworks. In this paper, we tackled this problem and proposed a new scheduling algorithm that is based on a multi-threading principle. In our proposed algorithm, we divided the cluster into multi blocks where each one of them is scheduled by a special thread. Two major factors are used to test our algorithm; the simulation time and the energy consumption. Our proposed scheduler is then compared with existing schedulers and the results showed the superiority and the preference of our proposed scheduler over the existing schedulers.

Research paper thumbnail of PEP-side caching: An insider threat port

2013 IEEE 14th International Conference on Information Reuse & Integration (IRI), 2013

PEP-side caching is used in request-response access control mechanisms to increase the availabili... more PEP-side caching is used in request-response access control mechanisms to increase the availability and reduce the processing overhead on PDP. Nonetheless, this paper shows that using this approach may open an insider threat port that can be used to bypass access control models in cloud and distributed relational databases. Moreover, the paper proposes a light model that detects and prevents the threat without affecting the performance of PEP and PDP, and it keeps the advantages of PEP-side caching model.

Research paper thumbnail of Evaluating map reduce tasks scheduling algorithms over cloud computing infrastructure

Concurrency and Computation: Practice and Experience, 2015

Efficiently scheduling MapReduce tasks is considered as one of the major challenges that face Map... more Efficiently scheduling MapReduce tasks is considered as one of the major challenges that face MapReduce frameworks. Many algorithms were introduced to tackle this issue. Most of these algorithms are focusing on the data locality property for tasks scheduling. The data locality may cause less physical resources utilization in non-virtualized clusters and more power consumption. Virtualized clusters provide a viable solution to support both data locality and better cluster resources utilization. In this paper, we evaluate the major MapReduce scheduling algorithms such as FIFO, Matchmaking, Delay, and multithreading locality (MTL) on virtualized infrastructure. Two major factors are used to test the evaluated algorithms: the simulation time and the energy consumption. The evaluated schedulers are compared, and the results show the superiority and the preference of the MTL scheduler over the other existing schedulers. Also, we present a comparison study between virtualized and non-virtualized clusters for MapReduce tasks scheduling. Q. ALTHEBYAN ET AL.

Research paper thumbnail of A Scalable Map Reduce Tasks Scheduling: A Threading Based Approach

International Journal of Computational Science and Engineering

he Map Reduce paradigm is now considered a standard platform that is used for large scale data pr... more he Map Reduce paradigm is now considered a standard platform that is used for large scale data processing and management. A major operation that the Map Reduce platform relies on greatly is tasks scheduling. Although many schedulers have been presented, task scheduling is still one of the major problems that face Map Reduce frameworks. Schedulers need to maintain data locality to achieve an acceptable performance by avoiding several data transmissions. Hence, in this paper we propose a new scheduling algorithm named “MTL” that utilizes multi-threading principles. The MTL scheduler assigns a dedicated thread for each data block. Indeed, the multi-threading approach shows great results that make our MTL scheduler a scalable one that performs well. At the same time, it maintains the locality property. During the evaluation of the MTL scheduler performance, two main factors were taken into consideration; the simulation time and the energy consumption. The MTL scheduler is then compared ...

Research paper thumbnail of A Knowledge-Base Model for Insider Threat Prediction

2007 IEEE SMC Information Assurance and Security Workshop, 2007

ABSTRACT Many consider insider attacks to be more severe and devastating than outsider attacks. M... more ABSTRACT Many consider insider attacks to be more severe and devastating than outsider attacks. Many techniques exist for defending against outsider attacks. However, little work has been presented for defending insider attacks and threats. In this work, we presented a prediction technique for insider threats. Due to the nature of these kinds of attacks, we relied on some characteristics of the insiders and the decomposition of objects in the underlying system in developing our method.

Research paper thumbnail of A Knowledge-Based Bayesian Model for Analyzing a System after an Insider Attack

IFIP – The International Federation for Information Processing, 2008

Many consider insider attacks to be more severe than outsider attacks due to the nature of such a... more Many consider insider attacks to be more severe than outsider attacks due to the nature of such attacks that involve people who have knowledge of their own organization. In this work, we presented a new model to evaluate and analyze a system after the occurrence of an insider attack. By evaluating and analyzing the system after detecting such attack, we classified systems' objects into a list of non affected objects and a list of affected objects. We also introduced a new graph called knowledge Bayesian attack graph (KBAG). KBAG represents possible candidate paths that malicious insiders may follow to achieve their goal of compromising critical objects. KBAG also enables us to calculate risk values for different objects using Bayesian inference techniques. These risk values will be considered as measurements for the likelihood of possible occurrence of other insider attacks that have not yet been detected by the underlying system.

Research paper thumbnail of Performance Evaluation for Higher Educational Institutions within Data Envelopment Analysis

Nowadays, governments are increasingly investing more money in universities and especially in the... more Nowadays, governments are increasingly investing more money in universities and especially in the higher education in order to improve their quality. At the same time universities are facing a dramatic growth on the number of students especially the graduate students. Hence, measuring the performance of such universities in order to evaluate how they react with such number increase is vital. Hence, this paper will evaluate the performance of Jordanian higher educational institutions and then highlights weakness points in reasons that caused inefficient universities (if found). In order to achieve this, the Data Envelopment Analysis (DEA) is used to measure the performance of the institutions so that inefficient ones (if found) are labeled. Recommendations will then be drawn to guide the inefficient institutions to improve their performance. In this paper, we will measure the performance of Jordanian universities as a special case.

Research paper thumbnail of Building A Smart Academic Advising System Using Association Rule Mining

ABSTRACT In an academic environment, student advising is considered a paramount activity for both... more ABSTRACT In an academic environment, student advising is considered a paramount activity for both advisors and student to improve the academic performance of students. In universities of large numbers of students, advising is a time-consuming activity that may take a considerable effort of advisors and university administration in guiding students to complete their registration successfully and efficiently. Current systems are traditional and depend greatly on the effort of the advisor to find the best selection of courses to improve students performance. There is a need for a smart system that can advise a large number of students every semester. In this paper, we propose a smart system that uses association rule mining to help both students and advisors in selecting and prioritizing courses. The system helps students to improve their performance by suggesting courses that meet their current needs and at the same time improve their academic performance. The system uses association rule mining to find associations between courses that have been registered by students in many previous semesters. The system successfully generates a list of association rules that guide a particular student to select courses registered by similar students.

Research paper thumbnail of Performance analysis of an insider threat mitigation model

In this work, we presented an approach to extract knowledge out of an object. A graph theory appr... more In this work, we presented an approach to extract knowledge out of an object. A graph theory approach to represent and manage the knowledge is explained. We then presented a performance analysis for an insider threat mitigation model proposed earlier. We relied on some characteristics of the insiders and the decomposition of objects in the underlying system in developing our method and conducting our simulation. Our modelpsilas results showed great resistance against such attacks.

Research paper thumbnail of Knowledge Extraction and Management for Insider Threat Mitigation

Research paper thumbnail of A Knowledge-Base Model for Insider Threat Prediction

Many consider insider attacks to be more severe and devastating than outsider attacks. Many techn... more Many consider insider attacks to be more severe and devastating than outsider attacks. Many techniques exist for defending against outsider attacks. However, little work has been presented for defending insider attacks and threats. In this work, we presented a prediction technique for insider threats. Due to the nature of these kinds of attacks, we relied on some characteristics of the insiders and the decomposition of objects in the underlying system in developing our method.

Research paper thumbnail of A Knowledge-Based Bayesian Model for Analyzing a System after an Insider Attack

Many consider insider attacks to be more severe than outsider attacks due to the nature of such a... more Many consider insider attacks to be more severe than outsider attacks due to the nature of such attacks that involve people who have knowledge of their own organization. In this work, we presented a new model to evaluate and analyze a system after the occurrence of an insider attack. By evaluating and analyzing the system after detecting such attack, we classified systems’ objects into a list of non affected objects and a list of affected objects. We also introduced a new graph called knowledge Bayesian attack graph (KBAG). KBAG represents possible candidate paths that malicious insiders may follow to achieve their goal of compromising critical objects. KBAG also enables us to calculate risk values for different objects using Bayesian inference techniques. These risk values will be considered as measurements for the likelihood of possible occurrence of other insider attacks that have not yet been detected by the underlying system.

Research paper thumbnail of Design and analysis of knowledge-base centric insider threat models

... I would also like to thank Dr. Gordon Beavers, Dr. Dale Thompson, and Dr. Nebil Buyurgan for ... more ... I would also like to thank Dr. Gordon Beavers, Dr. Dale Thompson, and Dr. Nebil Buyurgan for serving in my dissertation committee and ... my love, thanks and gratitude for my great family; my great wife Eman Almasri and my great lovely kids Anas, Abdurrahman, and Mohammad. ...

Research paper thumbnail of Mitigating insider threats in a cloud using a knowledgebase approach while maintaining data availability

2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), 2015

Research paper thumbnail of Towards improving resource management in cloud systems using a multi-agent framework

International Journal of Cloud Computing, 2016

With the goal of efficient sharing of resources and services, the cloud computing paradigm has ga... more With the goal of efficient sharing of resources and services, the cloud computing paradigm has gained a lot of interest recently. Using a pay-per-use model, the customers can access the available resources and services in an on-demand dynamically-scalable manner. This work focuses on improving the resource utilization by optimizing the resource provisioning which leads to many benefits such as reduced cost, improved customers experience, shortened completion time, etc. These objectives are achieved by utilizing a multi-agent framework in which different agents are responsible for different tasks including the monitoring of customers (behavior, resource usage patterns and quality of service (QoS) requirements as stated in the service level agreement (SLA)) and available resources as well as the provisioning of resources based on customers requests. Moreover, we introduce the concept of TaskFlow which allows a more elastic provisioning of the resources to match the customer real usage of the resources. The proposed system is implemented and tested on the CloudSim simulator and the results show it increases resource utilization and decreases power consumption while avoiding SLA violations. The results also show that the introduction of the concept of TaskFlow into our proposed system leads to more resource saving but with a higher risk of SLA violations.

Research paper thumbnail of Cloud support for large scale e-healthcare systems

Annals of Telecommunications, 2016

Research paper thumbnail of Multi-Agent Based Dynamic Resource Provisioning and Monitoring In Cloud Computing Systems

The cloud computing paradigm provides a shared pool of resources and services with different mode... more The cloud computing paradigm provides a shared pool of resources and services with different models delivered to the customers through the Internet via an on-demand dynamically-scalable form charged using a pay-per-use model. The main problem we tackle in this paper is to optimize the resource provisioning task by shortening the completion time for the customers' tasks while minimizing the associated cost.

Research paper thumbnail of Multi-agent based dynamic resource provisioning and monitoring for cloud computing systems infrastructure

Cluster Computing, 2015

The cloud computing paradigm provides a shared pool of resources and services with different mode... more The cloud computing paradigm provides a shared pool of resources and services with different models delivered to the customers through the Internet via an on-demand dynamically-scalable form charged using a pay-per-use model. The main problem we tackle in this paper is to optimize the resource provisioning task by shortening the completion time for the customers' tasks while minimizing the associated cost.

Research paper thumbnail of An Empirical Study of the Effect of Power Law Distribution on the Interpretation of OO Metrics

ISRN Software Engineering, 2013

Context. Software metrics are surrogates of software quality. Software metrics can be used to fin... more Context. Software metrics are surrogates of software quality. Software metrics can be used to find possible problems or chances for improvements in software quality. However, software metrics are numbers that are not easy to interpret. Previous analysis of software metrics has shown fat tails in the distribution. The skewness and fat tails of such data are properties of many statistical distributions and more importantly the phenomena of the power law. These statistical properties affect the interpretation of software quality metrics. Objectives. The objective of this research is to validate the effect of power laws on the interpretation of software metrics. Method. To investigate the effect of power law properties on software quality, we study five open-source systems to investigate the distribution and their effect on fault prediction models. Results. Study shows that power law behavior has an effect on the interpretation and usage of software metrics and in particular the CK metrics. Many metrics have shown a power law behavior. Threshold values are derived from the properties of the power law distribution when applied to open-source systems. Conclusion. The properties of a power law distribution can be effective in improving the fault-proneness models by setting reasonable threshold values.

Research paper thumbnail of Detection of Insiders Misuse in Database Systems

Almost all systems all over the world suffer from outsider and insider attacks. Outsider attacks ... more Almost all systems all over the world suffer from outsider and insider attacks. Outsider attacks are those that come from outside the system, however, insider attacks are those that are launched from insiders of the system. In this paper we concentrate on insider attacks detection on the application level; database is our focus. Insider attacks differ from outsider attacks in many ways; most importantly, insiders have more knowledge about the underlying systems. Because of their knowledge and their privileges of the system resources; their risk can be greater and more severe. In fact, insiders can find vulnerabilities in the system easily. Several techniques have been proposed that tackled the insider threat problem, but most of them concentrate on insider threat detection in computer system level. We describe a method for insider threat detection in database systems that handle entrants on the role of insiders for such attacks. Our simulation results show resistance against such at...

Research paper thumbnail of Multi-threading based Map Reduce tasks scheduling

2014 5th International Conference on Information and Communication Systems (ICICS), 2014

Map Reduce is a parallel and a distributed computing framework used to process datasets that have... more Map Reduce is a parallel and a distributed computing framework used to process datasets that have large scale nature on a cluster. Due to the nature of data that needs to be handled in the Map Reduce problem which involves huge amount of data, many problems came up that are of great importance. Scheduling tasks is considered one of these major problems that face Map Reduce frameworks. In this paper, we tackled this problem and proposed a new scheduling algorithm that is based on a multi-threading principle. In our proposed algorithm, we divided the cluster into multi blocks where each one of them is scheduled by a special thread. Two major factors are used to test our algorithm; the simulation time and the energy consumption. Our proposed scheduler is then compared with existing schedulers and the results showed the superiority and the preference of our proposed scheduler over the existing schedulers.

Research paper thumbnail of PEP-side caching: An insider threat port

2013 IEEE 14th International Conference on Information Reuse & Integration (IRI), 2013

PEP-side caching is used in request-response access control mechanisms to increase the availabili... more PEP-side caching is used in request-response access control mechanisms to increase the availability and reduce the processing overhead on PDP. Nonetheless, this paper shows that using this approach may open an insider threat port that can be used to bypass access control models in cloud and distributed relational databases. Moreover, the paper proposes a light model that detects and prevents the threat without affecting the performance of PEP and PDP, and it keeps the advantages of PEP-side caching model.

Research paper thumbnail of Evaluating map reduce tasks scheduling algorithms over cloud computing infrastructure

Concurrency and Computation: Practice and Experience, 2015

Efficiently scheduling MapReduce tasks is considered as one of the major challenges that face Map... more Efficiently scheduling MapReduce tasks is considered as one of the major challenges that face MapReduce frameworks. Many algorithms were introduced to tackle this issue. Most of these algorithms are focusing on the data locality property for tasks scheduling. The data locality may cause less physical resources utilization in non-virtualized clusters and more power consumption. Virtualized clusters provide a viable solution to support both data locality and better cluster resources utilization. In this paper, we evaluate the major MapReduce scheduling algorithms such as FIFO, Matchmaking, Delay, and multithreading locality (MTL) on virtualized infrastructure. Two major factors are used to test the evaluated algorithms: the simulation time and the energy consumption. The evaluated schedulers are compared, and the results show the superiority and the preference of the MTL scheduler over the other existing schedulers. Also, we present a comparison study between virtualized and non-virtualized clusters for MapReduce tasks scheduling. Q. ALTHEBYAN ET AL.

Research paper thumbnail of A Scalable Map Reduce Tasks Scheduling: A Threading Based Approach

International Journal of Computational Science and Engineering

he Map Reduce paradigm is now considered a standard platform that is used for large scale data pr... more he Map Reduce paradigm is now considered a standard platform that is used for large scale data processing and management. A major operation that the Map Reduce platform relies on greatly is tasks scheduling. Although many schedulers have been presented, task scheduling is still one of the major problems that face Map Reduce frameworks. Schedulers need to maintain data locality to achieve an acceptable performance by avoiding several data transmissions. Hence, in this paper we propose a new scheduling algorithm named “MTL” that utilizes multi-threading principles. The MTL scheduler assigns a dedicated thread for each data block. Indeed, the multi-threading approach shows great results that make our MTL scheduler a scalable one that performs well. At the same time, it maintains the locality property. During the evaluation of the MTL scheduler performance, two main factors were taken into consideration; the simulation time and the energy consumption. The MTL scheduler is then compared ...

Research paper thumbnail of A Knowledge-Base Model for Insider Threat Prediction

2007 IEEE SMC Information Assurance and Security Workshop, 2007

ABSTRACT Many consider insider attacks to be more severe and devastating than outsider attacks. M... more ABSTRACT Many consider insider attacks to be more severe and devastating than outsider attacks. Many techniques exist for defending against outsider attacks. However, little work has been presented for defending insider attacks and threats. In this work, we presented a prediction technique for insider threats. Due to the nature of these kinds of attacks, we relied on some characteristics of the insiders and the decomposition of objects in the underlying system in developing our method.

Research paper thumbnail of A Knowledge-Based Bayesian Model for Analyzing a System after an Insider Attack

IFIP – The International Federation for Information Processing, 2008

Many consider insider attacks to be more severe than outsider attacks due to the nature of such a... more Many consider insider attacks to be more severe than outsider attacks due to the nature of such attacks that involve people who have knowledge of their own organization. In this work, we presented a new model to evaluate and analyze a system after the occurrence of an insider attack. By evaluating and analyzing the system after detecting such attack, we classified systems' objects into a list of non affected objects and a list of affected objects. We also introduced a new graph called knowledge Bayesian attack graph (KBAG). KBAG represents possible candidate paths that malicious insiders may follow to achieve their goal of compromising critical objects. KBAG also enables us to calculate risk values for different objects using Bayesian inference techniques. These risk values will be considered as measurements for the likelihood of possible occurrence of other insider attacks that have not yet been detected by the underlying system.

Research paper thumbnail of Performance Evaluation for Higher Educational Institutions within Data Envelopment Analysis

Nowadays, governments are increasingly investing more money in universities and especially in the... more Nowadays, governments are increasingly investing more money in universities and especially in the higher education in order to improve their quality. At the same time universities are facing a dramatic growth on the number of students especially the graduate students. Hence, measuring the performance of such universities in order to evaluate how they react with such number increase is vital. Hence, this paper will evaluate the performance of Jordanian higher educational institutions and then highlights weakness points in reasons that caused inefficient universities (if found). In order to achieve this, the Data Envelopment Analysis (DEA) is used to measure the performance of the institutions so that inefficient ones (if found) are labeled. Recommendations will then be drawn to guide the inefficient institutions to improve their performance. In this paper, we will measure the performance of Jordanian universities as a special case.

Research paper thumbnail of Building A Smart Academic Advising System Using Association Rule Mining

ABSTRACT In an academic environment, student advising is considered a paramount activity for both... more ABSTRACT In an academic environment, student advising is considered a paramount activity for both advisors and student to improve the academic performance of students. In universities of large numbers of students, advising is a time-consuming activity that may take a considerable effort of advisors and university administration in guiding students to complete their registration successfully and efficiently. Current systems are traditional and depend greatly on the effort of the advisor to find the best selection of courses to improve students performance. There is a need for a smart system that can advise a large number of students every semester. In this paper, we propose a smart system that uses association rule mining to help both students and advisors in selecting and prioritizing courses. The system helps students to improve their performance by suggesting courses that meet their current needs and at the same time improve their academic performance. The system uses association rule mining to find associations between courses that have been registered by students in many previous semesters. The system successfully generates a list of association rules that guide a particular student to select courses registered by similar students.

Research paper thumbnail of Performance analysis of an insider threat mitigation model

In this work, we presented an approach to extract knowledge out of an object. A graph theory appr... more In this work, we presented an approach to extract knowledge out of an object. A graph theory approach to represent and manage the knowledge is explained. We then presented a performance analysis for an insider threat mitigation model proposed earlier. We relied on some characteristics of the insiders and the decomposition of objects in the underlying system in developing our method and conducting our simulation. Our modelpsilas results showed great resistance against such attacks.

Research paper thumbnail of Knowledge Extraction and Management for Insider Threat Mitigation

Research paper thumbnail of A Knowledge-Base Model for Insider Threat Prediction

Many consider insider attacks to be more severe and devastating than outsider attacks. Many techn... more Many consider insider attacks to be more severe and devastating than outsider attacks. Many techniques exist for defending against outsider attacks. However, little work has been presented for defending insider attacks and threats. In this work, we presented a prediction technique for insider threats. Due to the nature of these kinds of attacks, we relied on some characteristics of the insiders and the decomposition of objects in the underlying system in developing our method.

Research paper thumbnail of A Knowledge-Based Bayesian Model for Analyzing a System after an Insider Attack

Many consider insider attacks to be more severe than outsider attacks due to the nature of such a... more Many consider insider attacks to be more severe than outsider attacks due to the nature of such attacks that involve people who have knowledge of their own organization. In this work, we presented a new model to evaluate and analyze a system after the occurrence of an insider attack. By evaluating and analyzing the system after detecting such attack, we classified systems’ objects into a list of non affected objects and a list of affected objects. We also introduced a new graph called knowledge Bayesian attack graph (KBAG). KBAG represents possible candidate paths that malicious insiders may follow to achieve their goal of compromising critical objects. KBAG also enables us to calculate risk values for different objects using Bayesian inference techniques. These risk values will be considered as measurements for the likelihood of possible occurrence of other insider attacks that have not yet been detected by the underlying system.