About
36 Publications
8,385 Reads
347 Citations
Introduction
My current research focuses on zero-trust cyber security, including network, file, and behavioral detection problems.
Publications (36)
Application Programming Interface (API) attacks refer to the unauthorized or malicious use of APIs, which are often exploited to gain access to sensitive data or manipulate online systems for illicit purposes. Identifying actors that deceitfully utilize an API poses a demanding problem. Although there have been notable advancements and contribution...
Web applications and APIs face constant threats from malicious actors seeking to exploit vulnerabilities for illicit gains. These threats necessitate robust anomaly detection systems capable of identifying malicious API traffic efficiently despite limited and diverse datasets. This paper proposes a novel few-shot detection approach motivated by Nat...
Artificial intelligence has made significant progress in the last decade, leading to a rise in the popularity of model sharing. The model zoo ecosystem, a repository of pre-trained AI models, has advanced the AI open-source community and opened new avenues for cyber risks. Malicious attackers can exploit shared models to launch cyber-attacks. This...
Similar to the revolution of open source code sharing, Artificial Intelligence (AI) model sharing is gaining increased popularity. However, the fast adaptation in the industry, lack of awareness, and ability to exploit the models make them significant attack vectors. By embedding malware in neurons, the malware can be delivered covertly, with minor...
With the advance in malware technology, attackers create new ways to hide their malicious code from antivirus services. One way to obfuscate an attack is to use common files as cover to hide the malicious scripts, so the malware will look like a legitimate file. Although cutting-edge Artificial Intelligence and content signature exist, evasive malw...
Content Disarm and Reconstruction (CDR) is a zero-trust file methodology that proactively extracts threat attack vectors from documents and media files. While there is extensive literature on CDR that emphasizes its importance, a detailed discussion of how the CDR process works, its effectiveness and drawbacks is lacking. Therefore, this paper pres...
Content Disarm and Reconstruction (CDR) is a zero-trust file methodology that proactively extracts threat attack vectors from documents and media files. While extensive literature on CDR emphasizes its importance, a detailed discussion of how the CDR process works, its effectiveness, and its drawbacks is not presented. Therefore, this paper present...
Internet traffic classification plays a crucial role in Quality of Experience (QoE), Quality of Services (QoS), intrusion detection, and traffic-trend analyses. While there is no theoretical guarantee that deep learning (DL)-based solutions perform better than classic machine learning (ML)-based ones, DL-based models have become the common default....
Internet traffic classification plays a key role in network visibility, Quality of Services (QoS), intrusion detection, Quality of Experience (QoE) and traffic-trend analyses. In order to improve privacy, integrity, confidentiality, and protocol obfuscation, the current traffic is based on encryption protocols, e.g., SSL/TLS. With the increased use...
Internet traffic classification is widely used to facilitate network management. It plays a crucial role in Quality of Services (QoS), Quality of Experience (QoE), network visibility, intrusion detection, and traffic trend analyses. While there is no theoretical guarantee that deep learning (DL)-based solutions perform better than classic machine l...
Cyber threat intelligence officers and forensics investigators often require the behavioural profiling of groups based on their online video viewing activity. It has been demonstrated that encrypted video traffic can be classified under the assumption of using a known subset of video titles based on temporal video viewing trends of particular group...
Quality of Experience is affected by many parameters. For this reason, client-side adaptation logic algorithms often adopt the strategy of optimizing a subset of parameters in the hope of improving the overall QoE. However, as shown here, this approach ends up degrading parameters that are crucial to good Quality of Experience. To resolve this conu...
The increasing popularity of online video content and adaptive video streaming services, especially those based on HTTP Adaptive Streaming (HAS), highlights the need for streaming optimization solutions. From a server perspective, the main drawback of HAS is that the user selects the quality of the next video segment without taking the server constr...
The increasing demand for video streaming services with high Quality of Experience (QoE) has prompted a lot of research on client-side adaptation logic approaches. However, most algorithms use the client's previous download experience and do not use a crowd knowledge database generated by users of a professional service. We propose a new crowd algo...
The increasing popularity of HTTP adaptive video streaming services has dramatically increased bandwidth requirements on operator networks, which attempt to shape their traffic through Deep Packet Inspection (DPI). However, Google and certain content providers have started to encrypt their video services. As a result, operators often encounter diff...
Desktops and laptops can be maliciously exploited to violate privacy. There are two main types of attack scenarios: active and passive. In this paper, we consider the passive scenario where the adversary does not interact actively with the device, but he is able to eavesdrop on the network traffic of the device from the network side. Most of th...
Previous research has shown that information can be extracted from encrypted multimedia streams. This includes video title classification of non-HTTP adaptive streams (non-HAS). This paper presents an algorithm for encrypted HTTP adaptive video streaming title classification. We evaluated our algorithm on a new YouTube popular videos datase...
The Dynamic Adaptive Streaming over HTTP (DASH) standard was designed to improve quality of experience (QoE) by enabling video distribution at different quality levels according to the clients' network conditions. Moreover, DASH is compatible with the H.264 Scalable Video Coding (SVC) technology. In a Content Delivery Networks (CDNs)-P2P hybrid approach,...
Video streaming constitutes the vast majority of Internet traffic and the DASH protocol has become the de-facto standard in the industry of multimedia delivery. The multicast method for information distribution has the potential to dramatically reduce multimedia streaming traffic; however, to date, there is no effective Adaptive Logic (AL) designed...
Dynamic Adaptive Streaming over HTTP (DASH) is a new and promising streaming protocol, based on the Media Presentation Description (MPD) specification. With the increasing demand for Internet video streaming, methods for profiting from video services are gaining increased interest. In this paper, we propose a novel algorithm for server side video a...
The increasing demand for video content and the fast adoption of HTTP Adaptive Streaming (HAS) have led to the need for sophisticated streaming optimization solutions. One of the main drawbacks of HAS is that the user is responsible for deciding which video quality to request without taking into account the server load, the number of users, fairness...
DASH is a new ISO/IEC MPEG and 3GPP standard for HTTP multimedia streaming that is beginning to be widely accepted in the industry. DASH is designed to be flexible and to support various multimedia formats. DASH unifies the proprietary adaptive streaming solutions and suggests differentiating between them by using different behavioral approaches, each one best suited f...
Progressive download (PD) is a video streaming method over HTTP. Although PD is the most common streaming method over the internet, it is highly inefficient from the internet service provider (ISP) point of view. ISPs need to contend with increasing competition, declining profitability and increasing client demand for network bandwidth (BW). ISPs, t...