Badis Hammi

An end-to-end approach for the detection of phishing attacks

By Badis Hammi, Tristan Billot, Danyil Bazain, Nicolas Binand, Maxime Jaen, Chems Mitta, Nour El Madhoun

2024-04-01

In Advanced information networking and applications (AINA))

Abstract

The main approaches/implementations used to counteract phishing attacks involve the use of crowd-sourced blacklists. However, blacklists come with several drawbacks. In this paper, we present a comprehensive approach for the detection of phishing attacks. Our approach uses our own detection engine which relies on Graph Neural Networks to leverage the hyperlink structure of the websites to analyze. Additionally, we offer a turnkey implementation to the end-users in the form of a Mozilla Firefox plugin.

Continue reading

Security threats, countermeasures, and challenges of digital supply chains

By Badis Hammi, Sherali Zeadally, Jamel Nebhen

2023-07-01

In ACM Computing Surveys

Abstract

The rapid growth of Information Communication Technologies (ICT) has impacted many fields. In this context, the supply chain has also quickly evolved toward the digital supply chain where digital and electronic technologies have been integrated into every aspect of its end-to-end process. This evolution provides numerous beneits such as proit maximization, loss reduction, and the optimization of supply chain lead times. However, the use of such technologies has also considerably opened up various security threats and risks which have widened the attack surface on the entire end-to-end supply chain. We present a holistic survey on supply chain security. We discuss the different security issues and attacks that target the diferent supply chain technologies. Then, we discuss various countermeasures and security solutions proposed by academic and industry researchers to mitigate the identiied threats. Finally, we provide some recommendations and best practices that can be adopted to achieve a secure supply chain.

Continue reading

Software supply-chain security: Issues and countermeasures

By Badis Hammi, Sherali Zeadally

2023-06-01

In Computer

Abstract

Software application development is a complex activity which involves various actors and organizations in what is called the software supply chain. The evolution of the software supply chain led to numerous benefits such as profit maximization, code mutualization, and the optimization of lead times. However, the complexity of the software supply chain results in multiple security issues and attacks because compromises are highly prevalent. An attacker that compromises a single link (e.g., by maliciously modifying the software) in the software supply chain, can harm users of this software and this attack technique is frequently being exploited to attack high profile companies. We can provide a holistic and effective security solution to the software supply chain only if its security state and features are well understood. We discuss how we can achieve strong resilience of the software supply chain to cyberthreats. Next, we propose a holistic end-to-end security approach for the software supply chain.

Continue reading

Non-fungible tokens: A review

By Badis Hammi, Sherali Zeadally, Alfredo J Perez

2023-03-01

In IEEE Internet of Things Magazine

Abstract

Non Fungible Tokens (NFTs) are among the most promising technologies that have emerged in recent years. NFTs enable the efficient verification and ownership management of digital assets and therefore, offer the means to secure them. NFT is similar to blockchain that was first used by the cryptocurrency and then by numerous other technologies. At first, the NFT concept attracted the attention of the digital art community. However, NFT has the potential to enable a plethora of different applications and sce We present a review of the NFT technology. We describe the basic components of NFTs and how NFTs work. Then, we present and discuss the different applications of the NFTs. Finally, we discuss various challenges that the NFT technology must address in the future.

Continue reading

Blockchain-based solution for detecting and preventing fake check scams

By Badis Hammi, Sherali Zeadally, Yves Christian Elloh Adja, Manlio Del Giudice, Jamel Nebhen

2022-12-01

In IEEE Transactions on Engineering Management

Abstract

Fake check scam is one of the most common attacks used to commit fraud against consumers. This fraud is particularly costly for victims because they generally lose thousands of dollars as well as being exposed to judicial proceedings. Currently, there is no existing solution to authenticate checks and detect fake ones instantly. Instead, banks must wait for a period of more than 48 h to detect the scam. In this context, we propose a blockchain-based scheme to authenticate checks and detect fake check scams. Moreover, our approach allows the revocation of used checks. More precisely, our approach helps the banks to share information about provided checks and used ones, without exposing the banks’ customers’ personal data. We demonstrate a proof of concept of our proposed approach using Namecoin and Hyperledger blockchain technologies.

Continue reading

PKIs in C-ITS: Security functions, architectures and projects: A survey

By Badis Hammi, Jean-Philippe Monteuuis, Jonathan Petit

2022-12-01

In Vehicular Communications

Abstract

In the smart cities context, Cooperative Intelligent Transportation Systems (C-ITS) represent one of the main use cases that aim to improve peoples’ daily lives. Within these environments, messages are exchanged continuously. The latter must be secure and must ensure users’ privacy. In this regard, Public Key Infrastructures (PKIs) represent the major solution to meet security needs. In this work, we present a holistic survey that describes all the different functions and services of a C-ITS PKI and focus on the different standards and consortia works that have been adopted to regulate such PKIs. Relying on the survey, we highlight the main research problems and open challenges for ITS PKIs. Then, we propose a generic model for a C-ITS PKI architecture.

Continue reading

A machine learning based approach for the detection of sybil attacks in c-ITS

By Badis Hammi, Mohamed Yacine Idir, Rida Khatoun

2022-09-01

In The 23rd asia-pacific network operations and management symposium

Abstract

The intrusion detection systems are vital for the sustainability of Cooperative Intelligent Transportation Systems (C-ITS) and the detection of sybil attacks are particularly challenging. In this work, we propose a novel approach for the detection of sybil attacks in C-ITS environments. We provide an evaluation of our approach using extensive simulations that rely on real traces, showing our detection approach?s effectiveness.

Continue reading

PhishGNN: A phishing website detection framework using graph neural networks

By Tristan Bilot, Grégoire Geis, Badis Hammi

2022-07-01

In Proceedings of the 19th international conference on security and cryptography - SECRYPT

Abstract

Because of the importance of the web in our daily lives, phishing attacks have been causing a significant damage to both individuals and organizations. Indeed, phishing attacks are today among the most widespread and serious threats to the web and its users. The main approaches deployed against such attacks are blacklists. However, the latter represents numerous drawbacks. In this paper, we introduce PhishGNN, a Deep Learning framework based on Graph Neural Networks, which leverages and uses the hyperlink graph structure of web- sites along with different other hand-designed features. The performance results obtained, demonstrate that PhishGNN outperforms state of the art results with a 99.7% prediction accuracy.

Continue reading

Survey on smart homes: Vulnerabilities, risks, and countermeasures

By Badis Hammi, Sherali Zeadally, Rida Khatoun, Jamel Nebhen

2022-06-01

In Computers & Security

Abstract

Over the last few years, the explosive growth of Internet of Things (IoT) has revolutionized the way we live and interact with each other as well as with various types of systems and devices which form part of the Information Communication Technology (ICT) infrastructure. IoT is having a significant impact on various application domains including healthcare, smart home, transportation, energy, agriculture, manufacturing, and many others. We focus on the smart home environment which has attracted a lot of attention from both academia and industry recently. The smart home provides a lot of convenience to home users but it also opens up various risks that threaten both the security and privacy of the users. In contrast to previous works on smart home security and privacy, we present an overview of smart homes from both academic and industry perspectives. Next we discuss the security requirements, challenges and threats associated with smart homes. Finally, we discuss countermeasures that can be deployed to mitigate the identified threats.

Continue reading

Is it really easy to detect sybil attacks in c-ITS environments: A position paper

By Badis Hammi, Yacine Mohamed Idir, Sherali Zeadally, Rida Khatoun, Jamel Nebhen

2022-04-01

In IEEE Transactions on Intelligent Transportation Systems

Abstract

In the context of current smart cities, Cooperative Intelligent Transportation Systems (C-ITS) represent one of the main use case scenarios that aim to improve peoples? daily lives. Thus, during the last few years, numerous standards have been adopted to regulate such networks. Within a C-ITS, a large number of messages are exchanged continuously in order to ensure that the different applications operate efficiently. However, these networks can be the target of numerous attacks. The sybil attack is among the most dangerous ones. In a sybil attack, an attacker creates multiple identities and then disguises as several fake stations in order to interfere with the normal operations of the system or profit from provided services. We analyze recently proposed sybil detection approaches regarding their compliance with the current C-ITS standards as well as their evaluation methods. We provide several recommendations such as network and attack models as well as an urban and highway datasets that can be considered in future research in sybil attack detection.

Continue reading

Search

Tags