Abstract: Graphical passwords are most
widely used as a mechanism for authentication in today's mobile computing
environment. This methodology was introduced to enhance security element and
overcome the vulnerabilities of textual passwords, pins, or other trivial
password methodologies which were difficult to remember and prone to external
attacks. There are many graphical password schemes that are proposed over time,
however, most of them suffer from shoulder surfing and could be easily guessed
which is quite a big problem. The proposed technique in this paper allows the
user to keep the ease-to-use property of the pattern lock while minimizing the
risk of shoulder surfing and password guessing. The proposed technique allows
the user to divide a picture into multiple chunks and while unlocking,
selecting the previously defined chunks results successfully in unlocking the
device. This technique can effectively resist the shoulder surfing and smudge
attacks, also it is resilient to password guessing or dictionary attacks. The
proposed methodology can significantly improve the security of the graphical
password system with no cost increase in terms of unlocking time.
IEEE-2019: Secure and Efficient
Skyline Queries on Encrypted Data
Abstract: Outsourcing
data and computation to cloud server provides a cost-effective way to support
large scale data storage and query processing. However, due to security and
privacy concerns, sensitive data (e.g., medical records) need to be protected
from the cloud server and other unauthorized users. One approach is to
outsource encrypted data to the cloud server and have the cloud server perform
query processing on the encrypted data only. It remains a challenging task to
support various queries over encrypted data in a secure and efficient way such
that the cloud server does not gain any knowledge about the data, query, and
query result. In this paper, we study the problem of secure skyline queries
over encrypted data. The skyline query is particularly important for
multi-criteria decision making but also presents significant challenges due to
its complex computations. We propose a fully secure skyline query protocol on
data encrypted using semantically-secure encryption. As a key subroutine, we
present a new secure dominance protocol, which can be also used as a building
block for other queries. Furthermore, we demonstrate two optimizations, data
partitioning and lazy merging, to further reduce the computation load. Finally,
we provide both serial and parallelized implementations and empirically study
the protocols in terms of efficiency and scalability under different parameter
settings, verifying the feasibility of our proposed solutions.
IEEE 2018: Human Identification From Freestyle Walks Using Posture-Based Gait Feature Abstract: With the increase of terrorist threats around the world, human identification research has become a sought after area of research. Unlike standard biometric recognition techniques, gait recognition is a non-intrusive technique. Both data collection and classification processes can be done without a subject’s cooperation. In this work, we propose a new model-based gait recognition technique called postured-based gait recognition. It consists of two elements: posture-based features and posture-based classification. Posture-based features are composed of displacements of all joints between current and adjacent frames and Center-of-Body (CoB) relative coordinates of all joints, where the coordinates of each joint come from its relative position to four joints: hip-center, hip-left, hip-right, and spine joints, from the front forward. The CoB relative coordinate system is a critical part to handle the different observation angle issue. In posture-based classification, postured-based gait features of all frames are considered. The dominant subject becomes a classification result. The postured-based gait recognition technique outperforms existing techniques in both fixed direction and freestyle walk scenarios where turning around and changing directions are involved. This suggests that a set of postures and quick movements are sufficient to identify a person. The proposed technique also performs well under the gallery-size test and the cumulative match characteristic test, which implies that the postured-based gait recognition technique is not gallery-size sensitive and is a good potential tool for forensic and surveillance use.
Click for more details
IEEE 2018: A Data Mining based Model for Detection of Fraudulent Behaviour
in Water Consumption
Abstract: Fraudulent behavior
in drinking water consumption is a significant problem facing water supplying
companies and agencies. This behavior results in a massive loss of income and
forms the highest percentage of non-technical loss. Finding efficient
measurements for detecting fraudulent activities has been an active research
area in recent years. Intelligent data mining techniques can help water
supplying companies to detect these fraudulent activities to reduce such
losses. This research explores the use of two classification techniques (SVM
and KNN) to detect suspicious fraud water customers. The main motivation of
this research is to assist Yarmouk Water Company (YWC) in Irbid city of Jordan
to overcome its profit loss. The SVM based approach uses customer load profile
attributes to expose abnormal behavior that is known to be correlated with
non-technical loss activities. The data has been collected from the historical
data of the company billing system. The accuracy of the generated model hit a
rate of over 74% which is better than the current manual prediction procedures
taken by the YWC. To deploy the model, a decision tool has been built using the
generated model. The system will help the company to predict suspicious water
customers to be inspected on site.
IEEE 2018: Machine Learning Methods for Disease Prediction with Claims
Data
Abstract: One of the primary
challenges of healthcare delivery is aggregating disparate, asynchronous data
sources into meaningful indicators of individual health. We combine natural
language word embedding and network modeling techniques to learn meaningful
representations of medical concepts by using the weighted network adjacency
matrix in the GloVe algorithm, which we call Code2Vec. We demonstrate that using
our learned embeddings improve neural network performance for disease
prediction. However, we also demonstrate that popular deep learning models for
disease prediction are not meaningfully better than simpler, more interpretable
classifiers such as XGBoost. Additionally, our work adds to the current
literature by providing a comprehensive survey of various machine learning
algorithms on disease prediction tasks.
IEEE 2017: NetSpam: a Network-based Spam Detection Framework for Reviews
in Online Social Media
Abstract: Nowadays, a big part
of people rely on available content in social media in their decisions (e.g.
reviews and feedback on a topic or product). The possibility that anybody can
leave a review provide a golden opportunity for spammers to write spam reviews
about products and services for different interests. Identifying these spammers
and the spam content is a hot topic of research and although a considerable
number of studies have been done recently toward this end, but so far the
methodologies put forth still barely detect spam reviews, and none of them show
the importance of each extracted feature type. In this study, we propose a
novel framework, named NetSpam, which utilizes spam features for modeling
review datasets as heterogeneous information networks to map spam detection
procedure into a classification problem in such networks. Using the importance
of spam features help us to obtain better results in terms of different metrics
experimented on real-world review datasets from Yelp and Amazon websites. The
results show that NetSpam outperforms the existing methods and among four
categories of features; including review-behavioral, user-behavioral,
reviewlinguistic, user-linguistic, the first type of features performs better
than the other categories.
IEEE 2017: One-time
Password for Biometric Systems: Disposable Feature Templates
Abstract:Biometric access control systems are becoming
more commonplace in society. However, these systems are susceptible to replay
attacks. During a replay attack, an attacker can capture packets of data that
represents an individual’s biometric. The attacker can then replay the data and
gain unauthorized access into the system. Traditional password based systems
have the ability to use a one-time password scheme. This allows for a unique
password to authenticate an individual and it is then disposed. Any captured
password will not be effective. Traditional biometric systems use a single
feature extraction method to represent an individual, making captured data
harder to change than a password. There are hashing techniques that can be used
to transmute biometric data into a unique form, but techniques like this
require some external dongle to work successfully. The proposed technique in
this work can uniquely represent individuals with each access attempt. The
amount of unique representations will be further increased by a genetic feature
selection technique that uses a unique subset of biometric features. The
features extracted are from an improved geneticbased extraction technique that
performed well on periocular images. The results in this manuscript show that
the improved extraction technique coupled with the feature selection technique
has an improved identification performance compared with the traditional
genetic based extraction approach. The features are also shown to be unique
enough to determine a replay attack is occurring, compared with a more
traditional feature extraction technique.
Click for more details
IEEE 2016: A Shoulder Surfing Resistant Graphical Authentication System
Abstract:
Authentication
based on passwords is used largely in applications for computer security and
privacy. However, human actions such as choosing bad passwords and inputting
passwords in an insecure way are regarded as” the weakest link” in the
authentication chain. Rather than arbitrary alphanumeric strings, users tend to
choose passwords either short or meaningful for easy memorization. With web
applications and mobile apps piling up, people can access these applications
anytime and anywhere with various devices. This evolution brings great
convenience but also increases the probability of exposing passwords to
shoulder surfing attacks. Attackers can observe directly or use external
recording devices to collect users’ credentials. To overcome this problem, we
proposed a novel authentication system PassMatrix, based on graphical passwords
to resist shoulder surfing attacks. With a one-time valid login indicator and
circulative horizontal and vertical bars covering the entire scope of
pass-images, PassMatrix offers no hint for attackers to figure out or narrow down
the password even they conduct multiple camera-based attacks. We also
implemented a PassMatrix prototype on Android and carried out real user
experiments to evaluate its memorability and usability. From the experimental
result, the proposed system achieves better resistance to shoulder surfing
attacks while maintaining usability.
