BZPEERReading, trust and collaboration for research
Menu

Discover

GraphFollow connections around a paper, topic or saved view.

Workspaces

HomePick up where your research flow left off.InboxHandle requests, replies and notifications from one place.CollectionsCurate reading lists, evidence sets and shareable dossiers.ResearchSee your private provenance graph, trail and imports.CollaborationMove from discovery into focused discussion rooms.PublishDraft, preview and publish full-text research articles.

Network

ExpertsFind specialists worth following or asking for help.CommunitiesJoin research circles organized around shared work.PartnersSee external organizations active around the same topics.

Opportunities

ListingsBrowse roles, calls and collaborations with clearer fit signals.

Account

Log inReturn to your reading and collaboration workspace.Create accountStart saving work, following people and joining teams.
Log inCreate account

Researcher profile

Basheer Al-Duwairi

Basheer Al-Duwairi contributes to research discovery and scholarly infrastructure.

ResearcherAffiliation not importedOpen to collaborate
Cryptography and SecurityNetworking and Internet Architecture

Trust snapshot

Quick read

Trust 15 - UnverifiedVerification L1Unclaimed author
3works
0followers
2topics
4close collaborators

Actions

Decide how to stay connected

Follow researcher0

Identity and collaboration

How to connect with this researcher

Claiming links this public author record to a researcher profile and unlocks direct collaboration workflows.

Log in to claim

Direct collaboration

Open a focused conversation when the fit is right

Claim this author entity first to unlock direct invitations.

Research graph

See the researcher in context

Open full explorer

Inspect adjacent work, topics, institutions and collaborators without jumping out to a separate graph page.

Building this graph slice

BZPEER is loading the nearby papers, people, topics and institutions for this page.

Published work

3 published item(s)

preprint2022arXiv

Adaptable Plug and Play Security Operations Center Leveraging a Novel Programmable Plugin-based Intrusion Detection and Prevention System

The number of cyber-attacks have substantially increased over the past decade resulting in huge organizational financial losses. Indeed, it is no longer a matter of "if" but "when" a security incident will take place. A Security Operations Center(SOC) adoption will help in the detection, identification, prevention, and resolution of issues before they end up causing extensive cyber-related damage. In this paper, our proposed framework is brought about to address the problem that current open-source SOC implementations are plagued with. These include lack of ability to be strengthened on the fly, slow development processes, and their ineptness for continuous timely updates. We, herein, propose a framework that would offer a fully automated open-source SOC deployment; otherwise dubbed, a "plug-and-play framework"; full horizontal scalability incorporating a modular architecture. These underpinning features are meant to mitigate underlying SOC challenges, which often emerge as a result of many pre-determined and repeated processes, bolstering their ability for expansion with new tools. This is on top of enhancing their ability to handle more servers in the clusters as a single logical unit. We also introduce a new system of its kind called a Programmable Plugin-based Intrusion Detection and Prevention System (PPIDPS). This system will extend a SOC's ability to add any tool to the monitored devices while collecting logs that can trigger alerts whenever a suspicious behavior is detected.

0 citations0 reviewsNo code linkedOpen access
preprint2020arXiv

LogDos: A Novel Logging-based DDoS Prevention Mechanism in Path Identifier-Based Information Centric Networks

Information Centric Networks (ICNs) have emerged in recent years as a new networking paradigm for the next-generation Internet. The primary goal of these networks is to provide effective mechanisms for content distribution and retrieval based on in-network content caching. The design of different ICN architectures addressed many of the security issues found in the traditional Internet. Therefore, allowing for a secure, reliable, and scalable communication over the Internet. However, recent research studies showed that these architectures are vulnerable to different types of DDoS attacks. In this paper, we propose a defense mechanism against distributed denial of service attacks (DDoS) in path-identifier based information centric networks. The proposed mechanism, called LogDos, performs GET Message logging based filtering and employs Bloom filter based logging to store incoming GET messages such that corresponding content messages are verified, while filtering packets originating from malicious hosts. We develop three versions of LogDos with varying levels of storage overhead at LogDos-enabled router. Extensive simulation experiments show that LogDos is very effective against DDoS attacks as it can filter more than 99.98 % of attack traffic in different attack scenarios while incurring acceptable storage overhead.

0 citations0 reviewsNo code linkedOpen access
preprint2020arXiv

PASSVM: A Highly Accurate Online Fast Flux Detection System

Fast Flux service networks (FFSNs) are used by adversaries to achieve a high resilient technique for their malicious servers while keeping them hidden from direct access. In this technique, a large number of botnet machines, that are known as flux agents, work as proxies to relay the traffic between end users and a malicious mothership server which is controlled by an adversary. Various mechanisms have been proposed for detecting FFSNs. Such mechanisms depend on collecting a large amount of DNS traffic traces and require a considerable amount of time to identify fast flux domains. In this paper, we propose an efficient AI-based online fast flux detection system that performs highly accurate and extremely fast detection of fast flux domains. The proposed system, called PASSVM, is based on features that are associated with DNS response messages of a given domain name. The approach relies on features that are stored in two local databases, in addition to features that are extracted from the response DNS messages itself. The information in the databases are obtained from Censys search engine and IP Geolocation service. PASSVM is evaluated using three types of artificial neural networks which are: Multilayer Perceptron (MLP), Radial Basis Function Network (RBF), and Support Vector Machines (SVM). Results show that SVM with RBF kernel outperformed the other two methods with an accuracy of 99.557% and a detection time of less than 18 ms.

0 citations0 reviewsNo code linkedOpen access