Visible to the public Biblio

Filters: Author is Elhajj, Imad  [Clear All Filters]
2022-10-20
Nassar, Reem, Elhajj, Imad, Kayssi, Ayman, Salam, Samer.  2021.  Identifying NAT Devices to Detect Shadow IT: A Machine Learning Approach. 2021 IEEE/ACS 18th International Conference on Computer Systems and Applications (AICCSA). :1—7.
Network Address Translation (NAT) is an address remapping technique placed at the borders of stub domains. It is present in almost all routers and CPEs. Most NAT devices implement Port Address Translation (PAT), which allows the mapping of multiple private IP addresses to one public IP address. Based on port number information, PAT matches the incoming traffic to the corresponding "hidden" client. In an enterprise context, and with the proliferation of unauthorized wired and wireless NAT routers, NAT can be used for re-distributing an Intranet or Internet connection or for deploying hidden devices that are not visible to the enterprise IT or under its oversight, thus causing a problem known as shadow IT. Thus, it is important to detect NAT devices in an intranet to prevent this particular problem. Previous methods in identifying NAT behavior were based on features extracted from traffic traces per flow. In this paper, we propose a method to identify NAT devices using a machine learning approach from aggregated flow features. The approach uses multiple statistical features in addition to source and destination IPs and port numbers, extracted from passively collected traffic data. We also use aggregated features extracted within multiple window sizes and feed them to a machine learning classifier to study the effect of timing on NAT detection. Our approach works completely passively and achieves an accuracy of 96.9% when all features are utilized.
2017-05-22
Saab, Farah, Elhajj, Imad, Kayssi, Ayman, Chehab, Ali.  2016.  A Crowdsourcing Game-theoretic Intrusion Detection and Rating System. Proceedings of the 31st Annual ACM Symposium on Applied Computing. :622–625.

One of the main concerns for smartphone users is the quality of apps they download. Before installing any app from the market, users first check its rating and reviews. However, these ratings are not computed by experts and most times are not associated with malicious behavior. In this work, we present an IDS/rating system based on a game theoretic model with crowdsourcing. Our results show that, with minor control over the error in categorizing users and the fraction of experts in the crowd, our system provides proper ratings while flagging all malicious apps.

2017-05-17
Saab, Farah, Kayssi, Ayman, Elhajj, Imad, Chehab, Ali.  2016.  Solving Sybil Attacks Using Evolutionary Game Theory. Proceedings of the 31st Annual ACM Symposium on Applied Computing. :2195–2201.

Recommender systems have become quite popular recently. However, such systems are vulnerable to several types of attacks that target user ratings. One such attack is the Sybil attack where an entity masquerades as several identities with the intention of diverting user ratings. In this work, we propose evolutionary game theory as a possible solution to the Sybil attack in recommender systems. After modeling the attack, we use replicator dynamics to solve for evolutionary stable strategies. Our results show that under certain conditions that are easily achievable by a system administrator, the probability of an attack strategy drops to zero implying degraded fitness for Sybil nodes that eventually die out.