Biblio

Filters: Author is Lashkari, Arash Habibi  [Clear All Filters]
2022-02-07
Keyes, David Sean, Li, Beiqi, Kaur, Gurdip, Lashkari, Arash Habibi, Gagnon, Francois, Massicotte, Frédéric.  2021.  EntropLyzer: Android Malware Classification and Characterization Using Entropy Analysis of Dynamic Characteristics. 2021 Reconciling Data Analytics, Automation, Privacy, and Security: A Big Data Challenge (RDAAPS). :1–12.
The unmatched threat of Android malware has tremendously increased the need for analyzing prominent malware samples. There are remarkable efforts in static and dynamic malware analysis using static features and API calls respectively. Nonetheless, there is a void to classify Android malware by analyzing its behavior using multiple dynamic characteristics. This paper proposes EntropLyzer, an entropy-based behavioral analysis technique for classifying the behavior of 12 eminent Android malware categories and 147 malware families taken from CCCS-CIC-AndMal2020 dataset. This work uses six classes of dynamic characteristics including memory, API, network, logcat, battery, and process to classify and characterize Android malware. Results reveal that the entropy-based analysis successfully determines the behavior of all malware categories and most of the malware families before and after rebooting the emulator.
2020-05-08
Boakye-Boateng, Kwasi, Lashkari, Arash Habibi.  2019.  Securing GOOSE: The Return of One-Time Pads. 2019 International Carnahan Conference on Security Technology (ICCST). :1—8.

IEC 61850 is an international standard that is widely used in substation automation systems (SAS) in smart grids. During its development, security was not considered thus leaving SAS vulnerable to attacks from adversaries. IEC 62351 was developed to provide security recommendations for SAS against (distributed) denial-of-service, replay, alteration, spoofing and detection of devices attacks. However, real-time communications, which require protocols such as Generic Object-Oriented Substation Event (GOOSE) to function efficiently, cannot implement these recommendations due to latency constraints. There has been researching that sought to improve the security of GOOSE messages, however, some cannot be practically implemented due to hardware requirements while others are theoretical, even though latency requirements were met. This research investigates the possibility of encrypting GOOSE messages with One- Time Pads (OTP), leveraging the fact that encryption/decryption processes require the random generation of OTPs and modulo addition (XOR), which could be a realistic approach to secure GOOSE while maintaining latency requirements. Results show that GOOSE messages can be encrypted with some future work required.