Showing 1–7 of 7 results for author: Felemban, M

Risk-Aware Sensitive Property-Driven Resource Management in Cloud Datacenters

Authors: Muhamad Felemban, Abdulrahman Almutairi, Arif Ghafoor

Abstract: Organizations are increasingly moving towards the cloud computing paradigm, in which an on-demand access to a pool of shared configurable resources is provided. However, security challenges, which are particularly exacerbated by the multitenancy and virtualization features of cloud computing, present a major obstacle. In particular, sharing of resources among potentially untrusted tenants in acces… ▽ More Organizations are increasingly moving towards the cloud computing paradigm, in which an on-demand access to a pool of shared configurable resources is provided. However, security challenges, which are particularly exacerbated by the multitenancy and virtualization features of cloud computing, present a major obstacle. In particular, sharing of resources among potentially untrusted tenants in access controlled cloud datacenters can result in increased risk of data leakage. To address such risk, we propose an efficient risk-aware sensitive property-driven virtual resource assignment mechanism for cloud datacenters. We have used two information-theoretic measures, i.e., KL-divergence and mutual information, to represent sensitive properties in the dataset. Based on the vulnerabilities of cloud architecture and the sensitive property profile, we have formulated the problem as a cost-drive optimization problem. The problem is shown to be NP-complete. Accordingly, we have proposed two heuristics and presented simulation based performance results for cloud datacenters with multiple sensitivity. △ Less

Submitted 4 February, 2025; originally announced February 2025.

Federated Testing (FedTest): A New Scheme to Enhance Convergence and Mitigate Adversarial Attacks in Federating Learning

Authors: Mustafa Ghaleb, Mohanad Obeed, Muhamad Felemban, Anas Chaaban, Halim Yanikomeroglu

Abstract: Federated Learning (FL) has emerged as a significant paradigm for training machine learning models. This is due to its data-privacy-preserving property and its efficient exploitation of distributed computational resources. This is achieved by conducting the training process in parallel at distributed users. However, traditional FL strategies grapple with difficulties in evaluating the quality of r… ▽ More Federated Learning (FL) has emerged as a significant paradigm for training machine learning models. This is due to its data-privacy-preserving property and its efficient exploitation of distributed computational resources. This is achieved by conducting the training process in parallel at distributed users. However, traditional FL strategies grapple with difficulties in evaluating the quality of received models, handling unbalanced models, and reducing the impact of detrimental models. To resolve these problems, we introduce a novel federated learning framework, which we call federated testing for federated learning (FedTest). In the FedTest method, the local data of a specific user is used to train the model of that user and test the models of the other users. This approach enables users to test each other's models and determine an accurate score for each. This score can then be used to aggregate the models efficiently and identify any malicious ones. Our numerical results reveal that the proposed method not only accelerates convergence rates but also diminishes the potential influence of malicious users. This significantly enhances the overall efficiency and robustness of FL systems. △ Less

Submitted 19 January, 2025; originally announced January 2025.

File Fragment Classification using Light-Weight Convolutional Neural Networks

Authors: Mustafa Ghaleb, Kunwar Saaim, Muhamad Felemban, Saleh Al-Saleh, Ahmad Al-Mulhem

Abstract: In digital forensics, file fragment classification is an important step toward completing file carving process. There exist several techniques to identify the type of file fragments without relying on meta-data, such as using features like header/footer and N-gram to identify the fragment type. Recently, convolutional neural network (CNN) models have been used to build classification models to ach… ▽ More In digital forensics, file fragment classification is an important step toward completing file carving process. There exist several techniques to identify the type of file fragments without relying on meta-data, such as using features like header/footer and N-gram to identify the fragment type. Recently, convolutional neural network (CNN) models have been used to build classification models to achieve this task. However, the number of parameters in CNNs tends to grow exponentially as the number of layers increases. This results in a dramatic increase in training and inference time. In this paper, we propose light-weight file fragment classification models based on depthwise separable CNNs. The evaluation results show that our proposed models provide faster inference time with comparable accuracy as compared to the state-of-art CNN based models. In particular, our models were able to achieve an accuracy of 79\% on the FFT-75 dataset with nearly 100K parameters and 164M FLOPs, which is 4x smaller and 6x faster than the state-of-the-art classifier in the literature. △ Less

Submitted 1 May, 2023; originally announced May 2023.

Comments: 11 pages, 17 figures

Journal ref: IEEE Access.12. (2024) 157179-157191

A Security and Performance Driven Architecture for Cloud Data Centers

Authors: Muhamad Felemban, Anas Daghistani, Yahya Javeed, Jason Kobes, Arif Ghafoor

Abstract: With the growing cyber-security threats, ensuring the security of data in Cloud data centers is a challenging task. A prominent type of attack on Cloud data centers is data tampering attack that can jeopardize the confidentiality and the integrity of data. In this article, we present a security and performance driven architecture for these centers that incorporates an intrusion management system f… ▽ More With the growing cyber-security threats, ensuring the security of data in Cloud data centers is a challenging task. A prominent type of attack on Cloud data centers is data tampering attack that can jeopardize the confidentiality and the integrity of data. In this article, we present a security and performance driven architecture for these centers that incorporates an intrusion management system for multi-tenant distributed transactional databases. The proposed architecture uses a novel data partitioning and placement scheme based on damage containment and communication cost of distributed transactions. In addition, we present a benchmarking framework for evaluating the performance of the proposed architecture. The results illustrate a trade-off between security and performance goals for Cloud data centers. △ Less

Submitted 27 March, 2020; originally announced March 2020.

A Partition-Driven Integrated Security Architecture for Cyber-Physical Systems

Authors: Yahya Javed, Muhamad Felemban, Tawfeeq Shawly, Jason Kobes, Arif Ghafoor

Abstract: Emerging cyber-physical systems incorporate systems of systems that have functional interdependencies. With the increase in complexity of the cyber-physical systems, the attack surface also expands, making cyber-physical systems more vulnerable to cyber-attacks. The functional interdependencies exacerbate the security risk as a cyber-attack that compromises one constituent system of a cyber-physic… ▽ More Emerging cyber-physical systems incorporate systems of systems that have functional interdependencies. With the increase in complexity of the cyber-physical systems, the attack surface also expands, making cyber-physical systems more vulnerable to cyber-attacks. The functional interdependencies exacerbate the security risk as a cyber-attack that compromises one constituent system of a cyber-physical system can disseminate to others. This can result in a cascade effect that can impair the operability of the whole cyber-physical system. In this article, we present a novel security architecture that localizes the cyber-attack in a timely manner, and simultaneously recovers the affected cyber-physical system functionality. We have evaluated the performance of the architecture for advanced metering infrastructure-based pricing cyber-attacks scenario. The simulation results exhibit the effectiveness of the proposed architecture in containing the attack in terms of system availability and its impact on the electric load distribution in the power grid. △ Less

Submitted 10 January, 2019; originally announced January 2019.

Design and Evaluation of A Data Partitioning-Based Intrusion Management Architecture for Database Systems

Authors: Muhamad Felemban, Yahya Javeed, Jason Kobes, Thamir Qadah, Arif Ghafoor, Walid Aref

Abstract: Data-intensive applications exhibit increasing reliance on Database Management Systems (DBMSs, for short). With the growing cyber-security threats to government and commercial infrastructures, the need to develop high resilient cyber systems is becoming increasingly important. Cyber-attacks on DBMSs include intrusion attacks that may result in severe degradation in performance. Several efforts hav… ▽ More Data-intensive applications exhibit increasing reliance on Database Management Systems (DBMSs, for short). With the growing cyber-security threats to government and commercial infrastructures, the need to develop high resilient cyber systems is becoming increasingly important. Cyber-attacks on DBMSs include intrusion attacks that may result in severe degradation in performance. Several efforts have been directed towards designing an integrated management system to detect, respond, and recover from malicious attacks. In this paper, we propose a data Partitioning-based Intrusion Management System (PIMS, for short) that can endure intense malicious intrusion attacks on DBMS. The novelty in PIMS is the ability to contain the damage into data partitions, termed Intrusion Boundaries (IBs, for short). The IB Demarcation Problem (IBDP, for short) is formulated as a mixed integer nonlinear programming. We prove that IBDP is NP-hard. Accordingly, two heuristic solutions for IBDP are introduced. The proposed architecture for PIMS includes novel IB-centric response and recovery mechanisms, which executes compensating transactions. PIMS is prototyped within PostgreSQL, an open-source DBMS. Finally, empirical and experimental performance evaluation of PIMS are conducted to demonstrate that intelligent partitioning of data tuples improves the overall availability of the DBMS under intrusion attacks. △ Less

Submitted 5 October, 2018; v1 submitted 4 October, 2018; originally announced October 2018.

GroupCast: Preference-Aware Cooperative Video Streaming with Scalable Video Coding

Authors: Anis Elgabli, Muhamad Felemban, Vaneet Aggarwal

Abstract: In this paper, we propose a preference-aware cooperative video streaming system for videos encoded using Scalable Video Coding (SVC) where all the collaborating users are interested in watching a video together on a shared screen. However, each user's willingness to cooperate is subject to her own constraints such as user data plans and/or energy consumption. Using SVC, each layer of every chunk c… ▽ More In this paper, we propose a preference-aware cooperative video streaming system for videos encoded using Scalable Video Coding (SVC) where all the collaborating users are interested in watching a video together on a shared screen. However, each user's willingness to cooperate is subject to her own constraints such as user data plans and/or energy consumption. Using SVC, each layer of every chunk can be fetched through any of the cooperating users. We formulate the problem of finding the optimal quality decisions and fetching policy of the SVC layers of video chunks subject to the available bandwidth, chunk deadlines, and cooperation willingness of the different users as an optimization problem. The objective is to optimize a QoE metric that maintains a trade-off between maximizing the playback rate of every chunk while ensuring fairness among all chunks for the minimum skip/stall duration without violating any of the imposed constraints. We propose an offline algorithm to solve the non-convex optimization problem when the bandwidth prediction is non-causally known. This algorithm has a run-time complexity that is polynomial in the video length and the number of cooperating users. Furthermore, we propose an online version of the algorithm for more practical scenarios where erroneous bandwidth prediction for a short window is used. Real implementation with android devices using SVC encoded video on public bandwidth traces' dataset reveals the robustness and performance of the proposed algorithm and shows that the algorithm significantly outperforms round robin based mechanisms in terms of avoiding skips/stalls and fetching video chunks at their highest quality possible. △ Less

Submitted 28 September, 2018; originally announced September 2018.

Comments: 17 pages