Conference Papers

INFORMATION TECHNOLOGY, COMPUTER SCIENCE, AND INFORMATION SYSTEMS TRACK

Forensics Investigation of Humanoid Robot: A Case Study on Zenbo Robot

Abdulla Kazim (College of Technological Innovation Zayed University, UAE); Musaab Mohamad (Ajman University, Ajman, UAE); Farkhund Iqbal (College of Technological Innovation Zayed University, UAE)

Abstract

In contrast to traditional devices, Internet of Things (IoT) devices work on the basis of connectivity and data sharing, which necessarily allows for data to reside on multiple platforms or locations. From a digital investigation perspective, reconstructing the full trail of activity involving an IoT device may therefore require composing digital evidence from a variety of devices and locations, and this may pose a significant forensic challenge. Humanoid robots adopt the concept of IoT to perform their functions, and they depend on supervised learning to customize their capabilities to people and environments. Since they are designed to interact with humans in a more social and personal context than other digital devices, a fully functioning humanoid robot can be a rich source of sensitive data about individuals and environments that may assist in any digital investigation. In this paper, we consider the humanoid robot, Zenbo, as a use case to present a comprehensive forensic examination that acts as a guide for forensic examiners by simulating real case scenarios. Furthermore, a deeper examination is conducted on this robot to locate all the useful pieces of evidence and artifacts from multiple locations including root level directories through the use of logical acquisition.

Wavelet-Based Multistep Methods for Initial-Value Problems

Mohamed A. Hajji (Department of Mathematical Sciences UAE University, Al Ain, UAE); Athar Bsharat (Department of Mathematical Sciences UAE University, Al Ain, UAE)

Abstract

Wavelets have been a popular tool since the 1980s in many areas of engineering, quantum physics, and mathematical analysis. A major contribution of wavelets is their adaption in the JPEG 2000 picture format. Since then wide applications of wavelets in different areas have emerged. Popular wavelets are those constructed by I. Daubechies which have compact support. In this work, we use Daubechies' wavelets in developing multistep algorithms for the solution of initial value problems (IVPs). Though such wavelet bases have good approximation properties, they do not have an explicit formula. This is a challenge in finding inner products. This work tackles this point and uses the properties of wavelet bases to approximate such inner products, leading to implicit multistep methods with comparable stability regions with other methods.

Evaluating Malware Detection Effectiveness of Operating Systems Defenses

Abdulla Kazim (Zayed University, UAE); Mathew Nicho (Zayed University, UAE); Fadya Almaeeni (Zayed University, UAE)

Abstract

Operating systems (OS) are a favorite target of attacks by hackers to gain unauthorized access using malware that can be created by commonly available malware creation tools. While multiple cyber techniques have been used to gain unauthorized access to computers, "malware" is commonly used as a threat agent to gain entry into operating systems. Even though operating system updates and patches ensure adequate defensive mechanisms to prevent/detect this malware, it has been found that it is not a foolproof system. To test the capability of the OS we chose three commonly used malware tools to create malware targeted at three versions of Windows OS, namely 7, 8.1 and 10. Our penetration test revealed that only version 10 was able to detect and prevent the malware while the rest could not. With millions of Windows 7 and 8.1 still being used by individual computer users and organizations worldwide this is viewed as a potent threat. Furthermore, as malware creation tools get regularly updated, we feel that eventually Windows 10 may fall victim to these malware attacks.

Data Integrity 2.0: Towards an End-User Layer for Data Integrity

Lu'ay Ahmad Abu Rayyan (College of Technological Innovation Zayed University, UAE); Hakim Hacid (College of Technological Innovation Zayed University, UAE)

Abstract

Data Integrity (DI) is the ability to ensure that data retrieved from a database is the same as that stored and processed. The loss of Data Integrity is generated by having data being tampered with by authorized or unauthorized users. The purpose of this article is to characterize and quantify Data Integrity in a structured approach by computing its degree (rate) of loss based on defined criteria, relying on DDL and DML operations together with the security configuration of the DBMS. The driving idea is to provide a simple, yet strong, way to inform the end-user (mainly non-experts although it can be used by experts for investigation matters) with a simple manner of appreciating the DI and potential related issues to support the decision making. We discuss different scenarios to measure the data integrity loss.

Mobile Database Forensics: A Case Study of SQLite

Abdulla Kazim (College of Technological Innovation Zayed University, UAE); Fadya AlMaeeni (College of Technological Innovation Zayed University, UAE); Hakim Hacid (College of Technological Innovation Zayed University, UAE)

Abstract

Databases can be seen as the backbone of any developed application that provides the feature of managing data. The storage capability of databases can be utilized in digital forensic investigations to retrieve various data about the suspect and the carried activities. While encryption can be used to protect some or all the data stored in the database, a weakness in setting up the encryption may assist the forensics investigator in decrypting some of the stored encrypted data. In this paper, we discuss how a security setup weakness in SQLite can be of great assistance for an investigator and how it can be used in a forensics investigation.

CNN-BASED DETECTION AND CLASSIFICATION OF CROWD STRUCTURE USING AUTOMATICALLY ANNOTATED TRAINING DATA

M. Sami Zitouni (Khalifa University, Abu Dhabi, UAE)

Abstract

Crowd analysis is currently the prime focus of many research works in computer vision. In this report, a deep learning method for detection of three categories in crowded scenes, i.e. individuals, small and large groups, is proposed. In the method, the training data for these categories are automatically annotated using alternative appearance and motion models. Then, three detectors are trained to identify individuals, small groups, and large groups, using Faster R-CNN (regions with convolutional neural networks) architecture. Additional training data are periodically collected and annotated (using the same computer vision models) to fine-tune/retrain the detectors, and to enhance their performances, especially when the test scenes and environments are changing. The proposed method is tested on different scenarios, and results are provided to demonstrate performances.

Automatic Arabic Text Summarization Based on Fuzzy Logic

Lamees Al Qassem (Khalifa University, Abu Dhabi, UAE); Hassan Barad (Khalifa University, Abu Dhabi, UAE); Di Wang (ETISALAT ICT Innovation Center (EBTIC)); Ahmad Al Rubaie (ETISALAT ICT Innovation Center (EBTIC)); Nawaf Al Moosa (ETISALAT ICT Innovation Center (EBTIC))

Abstract

The unprecedented growth in the amount of online information available in many languages to users and businesses, including news articles and social media, has made it difficult and time consuming for users to identify and consume sought after content. Hence, automatic text summarization for various languages to generate accurate and relevant summaries from the huge amount of information available is essential nowadays. Techniques and methodologies for automatic Arabic text summarization are still immature due to the inherent complexity of the Arabic language in terms of both structure and morphology. This work attempts to improve the performance of Arabic text summarization. We propose a new Arabic text summarization approach based on a new noun extraction method and fuzzy logic. The proposed summarizer is evaluated using EASC corpus and benchmarked against popular state of the art Arabic text summarization systems. The results indicate that our proposed Fuzzy logic approach with noun extraction outperforms existing systems.

Cryptomining Detection in Container Clouds Using System Calls and Explainable Machine Learning

Rupesh Karn (Khalifa University, Abu Dhabi, UAE); Ibrahim Elfadel (Khalifa University, Abu Dhabi, UAE)

Abstract

The use of Kubernetes containers in cloud computing has been steadily increasing. With the emergence of Kubernetes, the management of applications inside containers (or pods) is simplified. Kubernetes allows automated actions like self-healing, scaling, rolling back and updates for application management. At the same time, security threats have evolved with attacks on pods to perform malicious actions becoming ever more sophisticated. Out of several recent malware types, cryptomining has emerged as one of the most serious threats with its hijacking of server resources for cryptocurrency mining. During application deployment and execution in the pod, a cryptomining process, started by a hidden malware executable, can also run in the background. A method to detect malicious cryptomining software is thus needed. Most ML-based anomaly detection methods create black-box models and don't provide sufficient insight into their outputs. In this paper, we describe the design and implementation in a Kubernetes cluster of an ML-based detection system of anomalous pods by monitoring Linux kernel system calls (syscalls). The explainable model generated is intended to provide sufficient information for visualization, explanation, and interpretation. The ML engine uses neural network, decision tree, and ensemble learning models that are compared in terms of their performance metrics.

SNZIBarriers: Barrier Synchronization using Scalable Non-Zero Indicators

Abdulla Al Zaabi (Department of Electrical and Computer Engineering Khalifa University of Science and Technology, Abu Dhabi, UAE); Ibrahim Elfadel (Department of Electrical and Computer Engineering Khalifa University of Science and Technology, Abu Dhabi, UAE)

Abstract

When programming parallel applications, barriers are one of the most commonly used synchronization mechanisms. A barrier ensures that all threads in a given set have reached a specific point in the execution of the parallel program, and that those arriving earlier will wait for the remaining ones before all of them continue beyond that point. The availability of fast implementations of this basic mechanism for multicore architectures can greatly improve the performance of a wide range of applications. We evaluate their performance and compare against more complex existing barrier algorithms. In addition, the main contribution of this paper is the introduction of a novel implementation of barriers based on Scalable Non-Zero Indicators (SNZI), and a comparison of its performance against the existing algorithms. The performance evaluation uses two application benchmarks that are part of the JavaGrande benchmark suite. These benchmarks are executed on the Masdar Institute cluster (MI HPC) at Khalifa University. We observe that there is no single winner for all the scenarios. Nonetheless, our proposed SNZI barrier outperforms or is competitive in some scenarios.

Use of Open Source Intelligence to Analyze Nation State Actor (NSA) Malware

Abdulla Saleh Buali (College of Technological Innovation Zayed University, UAE); Ameera Mohamed AlMarzooqi (College of Technological Innovation Zayed University, UAE); Huwida Said (College of Technological Innovation Zayed University, UAE)

Abstract

With the rising number of malware samples, incident handlers are having difficulty keeping up with malware analysis. The Cuckoo Sandbox (CSB) tool was utilized to study the behaviors of malware used by NSA malware. This was done using social media web sites such as Twitter to monitor the discussions. The process started with tracing a malicious session with a unique URL. It was pretending to be MS Office 365, with the letter "O" in the word office replaced with a zero digit. It is captured and placed in the search engine of Google and later examined by Twitter for traces. It is discovered that a Twitter chat has a malicious file that was communicating with it. The dynamic malware CSB tool was used for further analysis of this file. The CSB is used by online engines to scan and detonate malware. It is found that the malware was communicating through an IP address. It is then scanned in the CSB. After an in-depth investigation, more variants were found that have similar behavior. We then researched more and found it was an NSA malware. Twitter and other tools were used to analyze the program, and it was then verified to be NSA malware.
