Biblio

Filters: Author is Hossain Faruk, Md Jobair  [Clear All Filters]
2023-04-14
Hossain Faruk, Md Jobair, Tasnim, Masrura, Shahriar, Hossain, Valero, Maria, Rahman, Akond, Wu, Fan.  2022.  Investigating Novel Approaches to Defend Software Supply Chain Attacks. 2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). :283–288.
Software supply chain attacks occur during the processes of producing software is compromised, resulting in vulnerabilities that target downstream customers. While the number of successful exploits is limited, the impact of these attacks is significant. Despite increased awareness and research into software supply chain attacks, there is limited information available on mitigating or architecting for these risks, and existing information is focused on singular and independent elements of the supply chain. In this paper, we extensively review software supply chain security using software development tools and infrastructure. We investigate the path that attackers find is least resistant followed by adapting and finding the next best way to complete an attack. We also provide a thorough discussion on how common software supply chain attacks can be prevented, preventing malicious hackers from gaining access to an organization's development tools and infrastructure including the development environment. We considered various SSC attacks on stolen code-sign certificates by malicious attackers and prevented unnoticed malware from passing by security scanners. We are aiming to extend our research to contribute to preventing software supply chain attacks by proposing novel techniques and frameworks.
2023-03-17
Masum, Mohammad, Hossain Faruk, Md Jobair, Shahriar, Hossain, Qian, Kai, Lo, Dan, Adnan, Muhaiminul Islam.  2022.  Ransomware Classification and Detection With Machine Learning Algorithms. 2022 IEEE 12th Annual Computing and Communication Workshop and Conference (CCWC). :0316–0322.
Malicious attacks, malware, and ransomware families pose critical security issues to cybersecurity, and it may cause catastrophic damages to computer systems, data centers, web, and mobile applications across various industries and businesses. Traditional anti-ransomware systems struggle to fight against newly created sophisticated attacks. Therefore, state-of-the-art techniques like traditional and neural network-based architectures can be immensely utilized in the development of innovative ransomware solutions. In this paper, we present a feature selection-based framework with adopting different machine learning algorithms including neural network-based architectures to classify the security level for ransomware detection and prevention. We applied multiple machine learning algorithms: Decision Tree (DT), Random Forest (RF), Naïve Bayes (NB), Logistic Regression (LR) as well as Neural Network (NN)-based classifiers on a selected number of features for ransomware classification. We performed all the experiments on one ransomware dataset to evaluate our proposed framework. The experimental results demonstrate that RF classifiers outperform other methods in terms of accuracy, F -beta, and precision scores.