Badis Hammi

An end-to-end approach for the detection of phishing attacks

By Badis Hammi, Tristan Bilot, Danyil Bazain, Nicolas Binand, Maxime Jaen, Chems Mitta, Nour El Madhoun

2024-04-01

In Advanced information networking and applications (AINA)

Abstract

The main approaches/implementations used to counteract phishing attacks involve the use of crowd-sourced blacklists. However, blacklists come with several drawbacks. In this paper, we present a comprehensive approach for the detection of phishing attacks. Our approach uses our own detection engine which relies on Graph Neural Networks to leverage the hyperlink structure of the websites to analyze. Additionally, we offer a turnkey implementation to the end-users in the form of a Mozilla Firefox plugin.

Security threats, countermeasures, and challenges of digital supply chains

By Badis Hammi, Sherali Zeadally, Jamel Nebhen

2023-07-01

In ACM Computing Surveys

Abstract

The rapid growth of Information Communication Technologies (ICT) has impacted many fields. In this context, the supply chain has also quickly evolved toward the digital supply chain where digital and electronic technologies have been integrated into every aspect of its end-to-end process. This evolution provides numerous benefits such as profit maximization, loss reduction, and the optimization of supply chain lead times. However, the use of such technologies has also considerably opened up various security threats and risks which have widened the attack surface on the entire end-to-end supply chain. We present a holistic survey on supply chain security. We discuss the different security issues and attacks that target the different supply chain technologies. Then, we discuss various countermeasures and security solutions proposed by academic and industry researchers to mitigate the identified threats. Finally, we provide some recommendations and best practices that can be adopted to achieve a secure supply chain.

Blockchain-based solution for detecting and preventing fake check scams

Abstract

Fake check scam is one of the most common attacks used to commit fraud against consumers. This fraud is particularly costly for victims because they generally lose thousands of dollars as well as being exposed to judicial proceedings. Currently, there is no existing solution to authenticate checks and detect fake ones instantly. Instead, banks must wait for a period of more than 48 h to detect the scam. In this context, we propose a blockchain-based scheme to authenticate checks and detect fake check scams. Moreover, our approach allows the revocation of used checks. More precisely, our approach helps the banks to share information about provided checks and used ones, without exposing the banks’ customers’ personal data. We demonstrate a proof of concept of our proposed approach using Namecoin and Hyperledger blockchain technologies.

PKIs in C-ITS: Security functions, architectures and projects: A survey

Abstract

In the smart cities context, Cooperative Intelligent Transportation Systems (C-ITS) represent one of the main use cases that aim to improve peoples’ daily lives. Within these environments, messages are exchanged continuously. The latter must be secure and must ensure users’ privacy. In this regard, Public Key Infrastructures (PKIs) represent the major solution to meet security needs. In this work, we present a holistic survey that describes all the different functions and services of a C-ITS PKI and focus on the different standards and consortia works that have been adopted to regulate such PKIs. Relying on the survey, we highlight the main research problems and open challenges for ITS PKIs. Then, we propose a generic model for a C-ITS PKI architecture.

A machine learning based approach for the detection of sybil attacks in C-ITS

By Badis Hammi, Mohamed Yacine Idir, Rida Khatoun

2022-09-01

In The 23rd asia-pacific network operations and management symposium

Abstract

Intrusion detection systems are vital for the sustainability of Cooperative Intelligent Transportation Systems (C-ITS), and the detection of sybil attacks is particularly challenging. In this work, we propose a novel approach for the detection of sybil attacks in C-ITS environments. We provide an evaluation of our approach using extensive simulations that rely on real traces, showing our detection approach’s effectiveness.

PhishGNN: A phishing website detection framework using graph neural networks

By Tristan Bilot, Grégoire Geis, Badis Hammi

2022-07-01

In Proceedings of the 19th international conference on security and cryptography - SECRYPT

Abstract

Because of the importance of the web in our daily lives, phishing attacks have been causing a significant damage to both individuals and organizations. Indeed, phishing attacks are today among the most widespread and serious threats to the web and its users. The main approaches deployed against such attacks are blacklists. However, the latter represents numerous drawbacks. In this paper, we introduce PhishGNN, a Deep Learning framework based on Graph Neural Networks, which leverages and uses the hyperlink graph structure of websites along with different other hand-designed features. The performance results obtained demonstrate that PhishGNN outperforms state of the art results with a 99.7% prediction accuracy.

Survey on smart homes: Vulnerabilities, risks, and countermeasures

Abstract

Over the last few years, the explosive growth of Internet of Things (IoT) has revolutionized the way we live and interact with each other as well as with various types of systems and devices which form part of the Information Communication Technology (ICT) infrastructure. IoT is having a significant impact on various application domains including healthcare, smart home, transportation, energy, agriculture, manufacturing, and many others. We focus on the smart home environment which has attracted a lot of attention from both academia and industry recently. The smart home provides a lot of convenience to home users but it also opens up various risks that threaten both the security and privacy of the users. In contrast to previous works on smart home security and privacy, we present an overview of smart homes from both academic and industry perspectives. Next we discuss the security requirements, challenges and threats associated with smart homes. Finally, we discuss countermeasures that can be deployed to mitigate the identified threats.

Is it really easy to detect sybil attacks in C-ITS environments: A position paper

By Badis Hammi, Yacine Mohamed Idir, Sherali Zeadally, Rida Khatoun, Jamel Nebhen

2022-04-01

In IEEE Transactions on Intelligent Transportation Systems

Abstract

In the context of current smart cities, Cooperative Intelligent Transportation Systems (C-ITS) represent one of the main use case scenarios that aim to improve peoples’ daily lives. Thus, during the last few years, numerous standards have been adopted to regulate such networks. Within a C-ITS, a large number of messages are exchanged continuously in order to ensure that the different applications operate efficiently. However, these networks can be the target of numerous attacks. The sybil attack is among the most dangerous ones. In a sybil attack, an attacker creates multiple identities and then disguises as several fake stations in order to interfere with the normal operations of the system or profit from provided services. We analyze recently proposed sybil detection approaches regarding their compliance with the current C-ITS standards as well as their evaluation methods. We provide several recommendations such as network and attack models as well as an urban and highway datasets that can be considered in future research in sybil attack detection.

A blockchain-based certificate revocation management and status verification system

Abstract

Revocation management is one of the main tasks of the Public Key Infrastructure (PKI). It is also critical to the security of any PKI. As a result of the increase in the number and sizes of networks as well as the adoption of novel paradigms such as the Internet of Things and their usage of the web, current revocation mechanisms are vulnerable to single point of failures as the network loads increase. To address this challenge, we take advantage of blockchains power and resiliency in order to propose an efficient decentralized certificates revocation management and status verification system. We use the extension field of the X509 certificate’s structure to introduce a field that describes to which distribution point the certificate will belong to if revoked. Each distribution point is represented by a Bloom filter filled with revoked certificates. Bloom filters and revocation information are stored in a public blockchain. We developed a real implementation of our proposed mechanism in Python and the Namecoin blockchain. Then, we conducted an extensive evaluation of our scheme using performance metrics such as execution time and data consumption to demonstrate that it can meet the needed requirements with high efficiency and low cost. Moreover, we compare the performance of our approach with two of the most well-known/used revocation techniques which are Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL). The results obtained show that our proposed approach outperforms these current schemes.
