Basheer Al-Duwairi, Ph.D.
My research interests focus on computer and network security, mainly DDoS attacks, botnets, and smartphone security. The outcome of my research has been published in many international journals and conferences.
My work is funded primarily by the Deanship of Research/Jordan University of Science & Technology.
My recent projects include:
- Detection of Fast Flux Networks: Internet infrastructure security has a great impact on people's economic and social lives. In recent years, there has been a major shift in the mechanisms and methods employed by malicious hackers to steal sensitive information (e.g., credit card numbers, bank account information, etc.) and to disrupt the operation of the Internet (e.g., distributed denial of service attacks, spam, DNS hacking, etc.). This shift is driven by the fact that attackers are becoming more organized into cyber armies and organized theft groups, as opposed to script kiddies doing it for fun and as a hobby. Attackers continuously use advanced techniques to maintain a highly available, robust, and anonymous attack infrastructure, aimed at concealing their identities and avoiding protection countermeasures. In this regard, botnets remain one of the top threats to today's Internet. This emerging threat is responsible for most of the security incidents that we see daily, which include spam, DDoS, identity theft, and click fraud. In this project, we study the problem of fast flux networks as one of the most advanced and recent techniques used by botmasters. Using fast flux networks, botmasters are able to hide the location of the servers that host the malicious content (known as mothership servers) typically used in their spam and phishing campaigns, while providing high availability for these servers. The project aims to characterize fast flux networks in terms of different parameters such as uptime, hardware specifications, and operating systems. This contribution expands on previous research studies and provides a better understanding of the problem. It also aims at developing efficient techniques to detect these networks.
- Smartphone botnets: The advancement of smartphone technology, coupled with the rapidly increasing popularity of these devices, makes them an attractive target for malicious attacks. There has been a drastic increase in the use of these phones for surfing the Internet, e-banking, social networking, etc. It is predicted that smartphones (e.g., Apple's iPhone and Android-based phones) in particular, and mobile networks in general, will see a dramatic increase in the number of security incidents, with an increased level of sophistication. This is due to the fact that today's smartphones store more personal data and have more capabilities than earlier-generation PCs. Botnets, which continue to be a major threat on today's Internet, are now threatening mobile networks as well. While the concept of a botnet is the same in the PC world and the mobile phone world, there are major differences that characterize mobile botnets and create different challenges in combating this threat. There have been several incidents of real mobile botnets, and the number is continuously increasing. In addition, recent research studies show that there are different ways to construct practical mobile botnets. Utilizing SMS messages for command and control (C&C) has been shown to be an effective method of constructing mobile botnets. In this project, we propose to characterize SMS command-and-controlled mobile botnets through a combination of simulation and real testbed experiments. Based on this characterization, we will devise efficient algorithms to detect this type of mobile botnet.
- DDoS Mitigation as a Service: Distributed Denial of Service (DDoS) attacks constitute an ever-growing threat to the Internet due to the scale of these attacks and the difficulty of mitigating them. In this work, we propose a CDN-based DDoS protection service to counter attacks targeting the application layer of web servers. These attacks mimic flash crowd events by using large botnets to generate a high volume of requests for certain object(s) from the target. The proposed scheme, called Hideme, leverages the already-deployed, highly available, and distributed massive infrastructure of CDNs to provide protection against DDoS attacks. A website subscribing to this service can hide behind the DDoS protection provider when it comes under attack. To achieve this goal, Hideme combines the idea of using CAPTCHAs at CDN edge servers to distinguish humans from bots with the idea of migrating to a secret IP address during the attack period. We evaluate the proposed scheme through extensive experiments over PlanetLab. Our results show that the proposed scheme exhibits better performance in terms of effective download throughput while blocking malicious requests.
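The edge-server logic of the Hideme scheme as described above, as an added toy model that is not the project's own code: outside an attack the edge forwards to the public origin; during an attack a client must first pass a challenge, after which it receives a short-lived HMAC token bound to its identity and is forwarded to the secret origin address. The secret-origin address, the HMAC token format and the constructed challenge answer are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class EdgeServer:
    """Toy model of one CDN edge node (constructed for illustration)."""
    public_origin: str                # address advertised in DNS; absorbs the flood
    secret_origin: str                # address known only to edge nodes (assumed)
    key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    under_attack: bool = False
    token_ttl: int = 300              # seconds a solved challenge stays valid
    challenges: Dict[str, str] = field(default_factory=dict)  # id -> expected answer

    def _token(self, client_id: str, expires: int) -> str:
        # Token = expiry + HMAC over (client, expiry) so it cannot be replayed by another client
        mac = hmac.new(self.key, f"{client_id}:{expires}".encode(), hashlib.sha256)
        return f"{expires}:{mac.hexdigest()}"

    def _token_valid(self, client_id: str, token: str, now: int) -> bool:
        try:
            expires_s, mac = token.split(":", 1)
            expires = int(expires_s)
        except ValueError:            # malformed token
            return False
        expected = self._token(client_id, expires).split(":", 1)[1]
        return now < expires and hmac.compare_digest(mac, expected)

    def handle(self, client_id: str, token: Optional[str], now: int) -> Tuple[str, str]:
        """Return (action, target): forward to an origin, or issue a challenge."""
        if not self.under_attack:
            return ("forward", self.public_origin)
        if token and self._token_valid(client_id, token, now):
            return ("forward", self.secret_origin)
        cid = secrets.token_hex(8)
        self.challenges[cid] = "constructed-answer"   # a real edge would serve a CAPTCHA here
        return ("challenge", cid)

    def solve(self, client_id: str, challenge_id: str, answer: str, now: int) -> Optional[str]:
        """Verify a challenge answer; on success issue a token bound to this client."""
        expected = self.challenges.pop(challenge_id, None)   # single use
        if expected is None or not hmac.compare_digest(expected, answer):
            return None
        return self._token(client_id, now + self.token_ttl)
```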