Adel Bouhoula

Arabian Gulf University

Human posture recognition is an important task for intelligent systems specially those performing action recognition. In this paper, we propose a novel multispectral corner detector and a new HOG-based multispectral local descriptor. First, we select salient features which are extracted from an edge image obtained by picking the maximum eigenvalue...

Smart cities are made up of various components that are interconnected. These components exchange data on an ongoing basis and they facilitate the lives of citizens. Its use of Information and Communication Technology (ICT) was a key factor in its sustainable development. Nonetheless, this development contributed to a rise of safety threats, crimin...

The dynamic state of networks presents a challenge for the deployment of distributed applications and protocols. Ad-hoc schedules in the updating phase might lead to a lot of ambiguity and issues. By separating the control and data planes and centralizing control, Software Defined Networking (SDN) offers novel opportunities and remedies for these i...

One of the most challenging issues facing Internet of Medical Things (IoMT) cyber defense is the complexity of their ecosystem coupled with the development of cyber-attacks. Medical equipments lack built-in security and are increasingly becoming connected. Moving beyond traditional security solutions becomes a necessity to protect patients and orga...

Internet of Things (IoT) applications are among the major trends of nowadays. Billions of connected devices are creating great business profits and performing a multitude of automated tasks in many daily human activities. In healthcare service delivery, IoT capabilities are difficult to overestimate, they are progressively becoming entangled and co...

As filtering policies are getting larger and more complex, packet filtering at firewalls needs to keep low delays. New firewall architectures are needed to enforce security and meet the increasing demand for high-speed networks. Two main architectures exist for parallelization, data-parallel and function-parallel firewalls. In the first, packets ar...

Face detection has gained an ever increasing importance since it has a direct implication in several security systems and devices. Actually, several challenges related to visual variations have been associated with face detection. They can be attributed to many factors, such as occlusion, imaging conditions, illumination, image orientation and pose...

The Internet of Medical Things (IoMT) is creating all sorts of new applications and capabilities for healthcare services and transforming medical care in lasting and impactful ways. Jointly, new security and cyber-security risks are arisen. Nevertheless, traditional risk management frameworks cannot be directly applied to the IoMT context. In fact,...

Nowadays, emerging Software Defined Networks (SDN) present an innovative and a promotional research axis thanks to their advantages compared to conventional networks. Nevertheless, security aspects within SDN networks are still challenging tasks because of the rapid expansion and the dynamic updates of these networks. Security and cyber-security in...

In these last years, the widespread adoption of the Internet of Things (IoT) concept led to the invention of intelligent cities. Smart cities operate in real time to promote lightness and life quality to citizens in urban cities. Smart city network traffic through IoT systems is growing exponentially though it presents new cyber-security threats. T...

Databases are considered as one of the most compromised assets according to 2014-2016 Verizon Data Breach Reports. The reason is that databases are at the heart of Information Systems (IS) and store confidential business or private records. Ensuring the integrity of sensitive records is highly required and even vital in critical systems (e-health,...

As a major advancement technology in healthcare industry, e-health contributes to setting up efficient and highly automated healthcare infrastructures. Internet of things (IoT) holds great promise for healthcare providers as well as for its end users. Internet of Medical Things (IoMT) applications are among the major trends of the moment. Nonethele...

Face detection technology has been a hot topic in the past few decades. It has been maturely applied to many practical areas. Therefore, introducing an outperforming model is needed. Nevertheless, the proposed algorithms do not alter with the dynamic aspect of data and result in a high computational complexity. This paper expounds on how to promote...

Low variance direction of the training dataset can carry crucial information when building a performant one-class classifier. Covariance-guided One-Class Support Vector Machine (COSVM) emphasizes the low variance direction of the training dataset which results in higher accuracy. However, in the case of large scale datasets, or sequentially obtaine...

Software-Defined Networking (SDN) brings a significant flexibility and visibility to networking, but at the same time creates new security challenges. SDN allows networks to keep pace with the speed of change by facilitating frequent modifications to the network configuration. However, these changes may introduce misconfigurations by writing incons...

This paper presents a new method for edge detection based on both Lab color and depth images. The principal challenge of multispectral edge detection consists of integrating different information into one meaningful result, without requiring empirical parameters. Our method combines the Lab color channels and depth information in a well-posed way u...

This paper presents a new method for edge detection based on both Lab color and depth images. The principalchallenge of multispectral edge detection consists of integrating different information into one meaningfulresult, without requiring empirical parameters. Our method combines the Lab color channels and depth information in a well-posed way usi...

Substantial advances in Information and Communication Technologies (ICT) bring out novel concepts, solutions, trends, and challenges to integrate intelligent and autonomous systems in critical infrastructures. A new generation of ICT environments (such as smart cities, Internet of Things, edge-fog-social-cloud computing, and big data analytics) is...

In the field of risk management for access control systems, especially in database management systems, the access control policy is not too much explored as most researchers a priori hypothesize its reliability and validity. Access control policy is exposed to many irregularities throughout its evolution. During its lifecycle, it presents anomalies...

Systems that rely on Face Detection have gained great importance ever, since large-scale databases of thousands of face images are collected from several sources. Thus, the use of an outperforming face detector becomes a challenging problem. Different classification models have been studied and applied for face detection. However, such models invol...

Problems arising from firewall misconfigurations are common and have dramatic consequences for networks operations. Therefore, the discovery and removal of these misconfigurations is a serious and complex problem to solve. In this paper, we address this problem using a data structure (FDD: firewall decision diagram). We propose a new approach to ru...

Firewall is one of the most commonly used techniques to protect a network, it limits or provides access to specific network segments based on a set of filtering rules that should be configured with respect to the global security policy. Nevertheless, the security policy (SP) changes frequently due to business or application needs, and this change o...

Nowadays, the access control is becoming increasingly important for open, ubiquitous and critical systems. Nonetheless, efficient Administration, Management, Safety analysis and Risk assessment (AMSR) are recognized as fundamental and crucial challenges in todays access control infrastructures. In untrustworthy environment, the administration of an...

The constant evolution of access control requirements and the dynamic environment in which they evolve require nowadays quick and instant decision-making related to risk of illegitimate access in Information Systems. Various contributions defined in the literature aim to overcome or to mitigate related risks and paradoxically adopted the hypothesis...

In this paper we outline a PhD research plan. This research contributes to the field of one-class incremental learning and classification in case of non-stationary environments. The goal of this PhD is to define a new classification framework able to deal with very small learning dataset at the beginning of the process and with abilities to adjust...

Nowadays, e-healthcare is a main advancement and upcoming technology in healthcare industry that contributes to setting up automated and efficient healthcare infrastructures. Unfortunately, several security aspects remain as main challenges towards secure and privacy-preserving e-healthcare systems. From the access control perspective, e-healthcare...

Covariance-guided One-Class Support Vector Machine (COSVM) is a very competitive kernel classifier, as it emphasizes the low variance projectional directions of the training data, which results in high accuracy. However, COSVM training involves solving a constrained convex optimization problem, which requires large memory and enormous amount of tra...

Problems arising from firewalls are common, cost time and money and have dramatic consequences for the operations of networks, especially in multi-firewall enterprise network. In fact, any misconfiguration that can arise between rules creates ambiguity in classification and filtering of the traffic. The discovery and removal of these misconfigurati...

Voice over IP (VoIP) is a very attractive technology. It is increasingly adopted by enterprises and consumers. VoIP inherits adjacent security issues to IP networks to which are added new specific problems. Spam over IP telephony (SPIT) is expected to become one of the VoIP problems. To resolve it, many anti-SPIT mechanisms are proposed but there a...

Access Control is one of the essential and traditional security weapons of data protection. In open and complex environments such as the Internet or cloud computing, the decision to grant access to a resource must ensure a secure management with a specific attention to privacy and data protection regulations. In recent years, many access control mo...

IDSs are core elements in network security. The effectiveness of security protection provided by an IDS mainly depends on the quality of its configuration. Unfortunately, configuring an IDS is work-intensive and error prone if performed manually. As a result, there is a high demand for analyzing and discovering automatically anomalies that can aris...

The fundamental goals of security policy are to allow uninterrupted access to the network resources for authenticated users and to deny access to unauthenticated users. For this purpose, firewalls are frequently deployed in every size network. However, bad configurations may cause serious security breaches and network vulnerabilities. In particular...

Spam over IP telephony (SPIT) is expected to become a serious problem as the use of voice over IP grows. This kind of spam is appreciated by spammers due to its effectiveness and low cost. Many anti-SPIT solutions are applied to resolve this problem but there are still limited in some cases. Thus, in this paper, we propose a system to detect SPIT a...

Nations development depends heavily on the proper functioning of their Critical Infrastructures (CIs). Their security requirements are very important since small dysfunctions can deeply affect nation stability. We focus on their integrity need because Critical Information Infrastructures (CIIs) manipulate data that must be correct. The differentiat...

With the rapid development of Internet and its services, cyber attacks are increasingly emerging and evolving nowadays. To be aware of new attacks and elaborate the appropriate protection mechanisms, an interesting idea is to attract attackers, then to automatically monitor their activities and analyze their behaviors. In this paper, we are particu...

Firewalls are essential components in network security solutions. They implement a network security policy which represents the highest level requirements for controlling the resource accesses. The effectiveness of security protection provided by a firewall mainly depends on the quality of the configuration implemented in it. Unfortunately, differe...

Honeypots play an important role in collecting relevant information about malicious activities that happen on the Internet. In this paper, we are particularly interested in attacks targeting Web services. We therefore propose a honeypot implementation for Web services, called WS Honeypot. However, the data collected by honeypots can become very lar...

Spam over IP Telephony (SPIT) is expected to become a serious problem as the use of VoIP grows. This kind of spam is appreciated by spammers due to its effectiveness and low cost. Many anti-SPIT solutions are applied to resolve this problem but it is still limited in some cases. We propose in this paper a SPIT detection algorithm based on user's ca...

Symbolic computation is the science of computing with symbolic objects (terms, formulae, programs, algebraic objects, geometrical objects, etc). Powerful symbolic algorithms have been developed during the past decades and have played an influential role in theorem proving, automated reasoning, software verification, model checking, rewriting, forma...

Over the past years, Honeypots have proven their efficacy for understanding the characteristics of malicious activities on the Internet. They help security managers to collect valuable information about the techniques and motivations of the attackers. However, when the amount of collected data in honeypots becomes very large, the analysis performed...

The coexistence of range based and prefix based fields within the filtering policy is one of the most important cause that makes the packet filtering problem difficult to solve and the proposed hybrid solutions hard to implement. Packet filters must support rule sets involving any type of conditions and must scale the number of rules, the number of...

The coexistence of range-based and prefix-based fields within the filtering policy is one of the most important causes that make the packet filtering problem difficult to solve and the proposed hybrid solutions hard to implement. In general, a packet filter must support rule sets involving any conditions and it must be able to scale the number of r...

When enterprises deploy multiple firewalls, a packet may be examined by different sets of firewalls. It has been observed that the resulting complex firewall network is highly error prone and causes serious security holes. Hence, automated solutions are needed in order to check its correctness. In this paper, we propose a formal and automatic metho...

Network security requirements are generally regarded once network topology is implemented. In particular, once firewalls are emplaced to filter network traffic between different Local Area Networks (LANs). This commun approach may lead to critical situations: First, machines that should not communicate could belong to a same LAN where the network t...

We present a procedure for the verification of cryptographic protocols based on a new method for automatic implicit induction theorem proving for specifications made of conditional and constrained rewrite rules. The method handles axioms between constructor terms which are used to introduce explicit destructor symbols for the specification of crypt...

We present a procedure for checking sufficient completeness of conditional and constrained term rewriting systems containing axioms for constructors which may be constrained (by e.g. equalities, disequalities, ordering, membership, …). Such axioms allow to specify complex data structures like e.g. sets, sorted lists or powerlists. Our approach is i...

Internet is providing essential communication between an infinite number of people and is being increasingly used as a tool for commerce. At the same time, security is becoming a tremendously important issue to deal with. Different network security solutions exist and contribute to enhanced security. From these solutions, Intrusion detection syste...

Firewalls are among the most important mechanisms used to enforce network security policies. However, It has been observed that most firewall policies on the Internet are poorly designed. A firewall error may allow the spread of malicious traffic or block legitimate one causing serious damages. A major source of firewall misconfigurations stem from...

Firewalls are the most widely adopted technology for protecting private networks. However, most firewalls in Internet have been plagued with policy errors. An important source of errors stem from the lack of automatic tools ensuring a correct deployment of a network security policy expressed in a high level language, into firewall configurations. I...

The process of packet filtering becomes time consuming as filtering policies become larger and more complex. New firewall designs are needed to meet the challenges associated with the high-speed networks. For this reason, access control lists in firewalls need to be flexible enough to give us the possibility to implement efficiently new high-perfor...

The growth of the Internet coupled with the complexity of the security needs increases the demands on filtering performance, so much so that it is crucial to maintain high classification throughput in a high speed environment. As a result, today's security devices require innovative designs and algorithms to optimize the efficiency of packet filter...

The coexistence of range based and prefix based fields within the filtering rules is one of the most important cause that makes the packet classification problem difficult to resolve and the proposed hybrid solutions hard to implement. How to effectively support such complex filtering rules is really a challenge. Most of the cases range-based field...

A drawback of stateless firewalls is that they have no memory of previous packets which makes them vulnerable to specific attacks . A stateful firewall is connection-aware, offering finer-grained control of network traffic. Unfortunately, configuring stateful firewalls is highly error prone. That is due to the potentially large number of entangled...

During this time when Internet provides essential communication between an infinite number of people and is being increasingly used as a tool for commerce, security becomes a tremendously important issue to deal with. However, traditional widely used security methods such as firewalls, cryptography and intrusion detection systems (IDSs) have been u...

Web services are increasingly becoming an integral part of next-generation web applications. A Web service is defined as a software system designed to support interoperable machine-to-machine interaction over a network based on a set of XML standards. This new architecture and set of protocols brings new vulnerabilities that can be exploited by att...

Pattern matching is a crucial factor for deriving efficient intrusion detection. However Network Intrusion Detection Systems (NIDSs) frequently ignore data semantics of captured packets and have to consider the whole payloads leading to false positives if attacks signatures are found in incorrect positions. Therefore NIDSs have to investigate in pa...

Web services are increasingly becoming an integral part of next-generation web applications. A Web service is defined as a software system designed to support interoperable machine-to-machine interaction over a network based on a set of XML standards. This new architecture and set of protocols brings new security challenges such as confidentiality,...

Distributed firewalls are often deployed by large enterprises to filter the network traffic. However, it has been observed that the resulting complex firewall network is highly error prone and causes serious security holes. Hence, automated solutions are needed in order to check its correctness. In this paper, we propose a formal and automatic meth...

In a clear contrast with the phenomenal growth of Web database applications, access control issues related to data stored in the back-end databases have largely been neglected. Current approaches to access control on databases do not fit web databases because they are mostly based on individual user identities. In this paper, we propose (RBAC+), a...

The majority of today’s web-based applications are based on back-end databases to process and store business information. Containing valuable business information, these systems are highly interesting to attackers and special care needs to be taken to prevent them from malicious accesses. In this paper, we propose (RBAC + ), an extension of the NIS...

Honeypot is an effective security tool, which is intended to be attacked and compromised to gain more information about the attacker and his attack techniques. To study these attacks, the honeypot must capture and log large amounts of data which are very difficult to process manually. So, the analysis of these logs has become a very difficult and t...

The insider threat against database management systems is a very dangerous and common security problem. Authorized users may compromise database security by abusing legitimate privileges to masquerade as another user or to gather data for malicious purposes. This problem is aggravated for databases made available over the web through web applicatio...

In the field of access control, delegation is an important aspect that is considered part of the administration mechanism. Thus, a comprehensive access control model must provide a flexible administration model to manage delegation and revocation. Unfortunately, to our best knowledge, there is no complete model for describing all delegation require...

Routing protocols are essential for interconnecting networks; however they may enclose several vulnerabilities that can be exploited by malicious attackers. For example, an attacker may send forged packets to a router with the intention of changing or corrupting the routing table, which in turn can reduce the network connectivity and degrade the ro...

The main aim of access control models is to provide means to simplify the management of the security policy, which is a fastidious and error-prone task. Supporting delegation is considered as an important mean to decentralize the administration and therefore to allow security policy to be more flexible and easier to manipulate. Our main contributio...

Trust is one of the basic assumptions that we use in every day life. In ad hoc networks, routing protocols implement trust implicitly between the nodes of the network. Unfortunately, the implicit trust relations are not used by nodes whereas the attacks on ad hoc routing protocols precisely lead to the violation of at least one of these trust relat...

The configuration of firewalls is highly error prone and automated solution are needed in order to analyze its correctness. We propose a formal and automatic method for checking whether a firewall reacts correctly with respect to a security policy given in an high level declarative language. When errors are detected, some feedback is returned to th...