Jaouhar Fattahi

Elyes Manai, Mohamed Mejri, Jaouhar Fattahi

This paper investigates the impact of feature encoding techniques on the explainability of XAI (Explainable Artificial Intelligence) algorithms. Using a malware classification dataset, we trained an XGBoost model and compared the performance of two feature encoding methods: Label Encoding (LE) and One Hot Encoding (OHE). Our findings reveal a marginal performance loss when using OHE instead of LE. However, the more detailed explanations provided by OHE compensated for this loss. We observed that OHE enables deeper exploration of details in both global and local contexts, facilitating more comprehensive answers. Additionally, we observed that using OHE resulted in smaller explanation files and reduced analysis time for human analysts. These findings emphasize the significance of considering feature encoding techniques in XAI research and suggest potential for further exploration by incorporating additional encoding methods and innovative visualization approaches.

Jaouhar Fattahi

In the paced realms of cybersecurity and digital forensics machine learning (ML) and deep learning (DL) have emerged as game changing technologies that introduce methods to identify stop and analyze cyber risks. This review presents an overview of the ML and DL approaches used in these fields showcasing their advantages drawbacks and possibilities. It covers a range of AI techniques used in spotting intrusions in systems and classifying malware to prevent cybersecurity attacks, detect anomalies and enhance resilience. This study concludes by highlighting areas where further research is needed and suggesting ways to create transparent and scalable ML and DL solutions that are suited to the evolving landscape of cybersecurity and digital forensics.

Jaouhar Fattahi, Mohamed Mejri

Fingerprint recognition is often a game-changing step in establishing evidence against criminals. However, we are increasingly finding that criminals deliberately alter their fingerprints in a variety of ways to make it difficult for technicians and automatic sensors to recognize their fingerprints, making it tedious for investigators to establish strong evidence against them in a forensic procedure. In this sense, deep learning comes out as a prime candidate to assist in the recognition of damaged fingerprints. In particular, convolution algorithms. In this paper, we focus on the recognition of damaged fingerprints by Convolutional Long Short-Term Memory networks. We present the architecture of our model and demonstrate its performance which exceeds 95% accuracy, 99% precision, and approaches 95% recall and 99% AUC.

Jaouhar Fattahi, Mohamed Mejri

In this paper, we put forward a new tool, called SpaML, for spam detection using a set of supervised and unsupervised classifiers, and two techniques imbued with Natural Language Processing (NLP), namely Bag of Words (BoW) and Term Frequency-Inverse Document Frequency (TF-IDF). We first present the NLP techniques used. Then, we present our classifiers and their performance on each of these techniques. Then, we present our overall Ensemble Learning classifier and the strategy we are using to combine them. Finally, we present the interesting results shown by SpaML in terms of accuracy and precision.

Jaouhar Fattahi, Mohamed Mejri, Emil Pricop

Witness functions have recently been introduced in cryptographic protocols' literature as a new powerful way to prove protocol correctness with respect to secrecy. In this paper, we extend them to the property of authentication. We show how to use them safely and we run an analysis on a modified version of the Woo-Lam protocol. We show that it is correct with respect to authentication.

Jaouhar Fattahi, Mohamed Mejri, Emil Pricop

In this paper, we show how practical the little theorem of witness functions is in detecting security flaws in some category of cryptographic protocols. We convey a formal analysis of the Needham-Schroeder symmetric-key protocol in the theory of witness functions. We show how it helps to teach about a security vulnerability in a given step of this protocol where the value of security of a particular sensitive ticket in a sent message unexpectedly plummets compared with its value when received. This vulnerability may be exploited by an intruder to mount a replay attack as described by Denning and Sacco.

Jaouhar Fattahi

In this paper, we enunciate the theorem of secrecy in tagged protocols using the theory of witness-functions and we run a formal analysis on a new tagged version of the Needham-Schroeder public-key protocol using this theorem. We discuss the significance of tagging in securing cryptographic protocols as well.

Emil Pricop, Sanda Florentina Mihalache, Nicolae Paraschiv et al.

Control systems behavior can be analyzed taking into account a large number of parameters: performances, reliability, availability, security. Each control system presents various security vulnerabilities that affect in lower or higher measure its functioning. In this paper the authors present a method to assess the impact of security issues on the systems availability. A fuzzy model for estimating the availability of the system based on the security level and achieved availability coefficient (depending on MTBF and MTR) is developed and described. The results of the fuzzy inference system (FIS) are presented in the last section of the paper.

Jaouhar Fattahi, Mohamed Mejri, Hanane Houmani

In this paper, we look at the property of secrecy through the growth of the protocol. Intuitively, an increasing protocol preserves the secret. For that, we need functions to estimate the security of messages. Here, we give relaxed conditions on the functions and on the protocol and we prove that an increasing protocol is correct when analyzed with functions that meet these conditions.

Kalthoum Ouerghi, Najib Fadlallah, Amor Smida et al.

Microwave imaging for breast cancer detection is based on the contrast in the electrical properties of healthy fatty breast tissues. This paper presents an industrial, scientific and medical (ISM) bands comparative study of five microstrip patch antennas for microwave imaging at a frequency of 2.45 GHz. The choice of one antenna is made for an antenna array composed of 8 antennas for a microwave breast imaging system. Each antenna element is arranged in a circular configuration so that it can be directly faced to the breast phantom for better tumor detection. This choice is made by putting each antenna alone on the Breast skin to study the electric field, magnetic fields and current density in the healthy tissue of the breast phantom designed and simulated in Ansoft High Frequency Simulation Software (HFSS).

Jaouhar Fattahi, Mohamed Mejri, Hanane Houmani

In this paper, we present a new formal method to analyze cryptographic protocols statically for the property of secrecy. It consists in inspecting the level of security of every component in the protocol and making sure that it does not diminish during its life cycle. If yes, it concludes that the protocol keeps its secret inputs. We analyze in this paper an amended version of the Woo-Lam protocol using this new method.

Takwa Omrani, Adel Dallali, Bilgacem Chibani Rhaimi et al.

With the progressive increase of network application and electronic devices (computers, mobile phones, android, etc.) attack and intrusion, detection has become a very challenging task in cybercrime detection area. in this context, most of the existing approaches of attack detection rely mainly on a finite set of attacks. These solutions are vulnerable, that is, they fail in detecting some attacks when sources of informations are ambiguous or imperfect. However, few approaches started investigating in this direction. This paper investigates the role of machine learning approach (ANN, SVM) in detecting a TCP connection traffic as a normal or a suspicious one. But, using ANN and SVM is an expensive technique individually. In this paper, combining two classifiers are proposed, where artificial neural network (ANN) classifier and support vector machine (SVM) are both employed. Additionally, our proposed solution allows to visualize obtained classification results. Accuracy of the proposed solution has been compared with other classifier results. Experiments have been conducted with different network connections selected from NSL-KDD DARPA dataset. Empirical results show that combining ANN and SVM techniques for attack detection is a promising direction.

Jaouhar Fattahi, Mohamed Mejri

In this paper, we use the witness-functions to analyze cryptographic protocols for secrecy under nonempty equational theories. The witness-functions are safe metrics used to compute security. An analysis with a witness-function consists in making sure that the security of every atomic message does not decrease during its lifecycle in the protocol. The analysis gets more difficult under nonempty equational theories. Indeed, the intruder can take advantage of the algebraic properties of the cryptographic primitives to derive secrets. These properties arise from the use of mathematical functions, such as multiplication, addition, exclusive-or or modular exponentiation in the cryptosystems and the protocols. Here, we show how to use the witness-functions under nonempty equational theories and we run an analysis on the Needham-Schroeder-Lowe protocol under the cipher homomorphism. This analysis reveals that although this protocol is proved secure under the perfect encryption assumption, its security collapses under the homomorphic primitives. We show how the witness-functions help to illustrate an attack scenario on it and we propose an amended version to fix it.

Darine Ameyed, Fehmi Jaafar, Jaouhar Fattahi

Cloud computing relies on sharing computing resources rather than having local servers or personal devices to handle applications. Nowadays, cloud computing has become one of the fastest growing fields in information technology. However, several new security issues of cloud computing have emerged due to its service delivery models. In this paper, we discuss the case of distributed denial-of-service (DDoS) attack using Cloud resources. First, we show how such attack using a cloud platform could not be detected by previous techniques. Then we present a tricky solution based on the cloud as well.

Jaouhar Fattahi, Mohamed Mejri, Marwa Ziadia et al.

Proving that a cryptographic protocol is correct for secrecy is a hard task. One of the strongest strategies to reach this goal is to show that it is increasing, which means that the security level of every single atomic message exchanged in the protocol, safely evaluated, never deceases. Recently, two families of functions have been proposed to measure the security level of atomic messages. The first one is the family of interpretation-functions. The second is the family of witness-functions. In this paper, we show that the witness-functions are more efficient than interpretation-functions. We give a detailed analysis of an ad-hoc protocol on which the witness-functions succeed in proving its correctness for secrecy while the interpretation-functions fail to do so.

Jaouhar Fattahi, Mohamed Mejri, Marwa Ziadia et al.

In several critical military missions, more than one decision level are involved. These decision levels are often independent and distributed, and sensitive pieces of information making up the military mission must be kept hidden from one level to another even if all of the decision levels cooperate to accomplish the same task. Usually, a mission is negotiated through insecure networks such as the Internet using cryptographic protocols. In such protocols, few security properties have to be ensured. However, designing a secure cryptographic protocol that ensures several properties at once is a very challenging task. In this paper, we propose a new secure protocol for multipart military missions that involve two independent and distributed decision levels having different security levels. We show that it ensures the secrecy, authentication, and non-repudiation properties. In addition, we show that it resists against man-in-the-middle attacks.

Jaouhar Fattahi, Mohamed Mejri, Hanane Houmani

In this paper, we present a new semi-decidable procedure to analyze cryptographic protocols for secrecy based on a new class of functions that we call: the Witness-Functions. A Witness-Function is a reliable function that guarantees the secrecy in any protocol proved increasing once analyzed by it. Hence, the problem of correctness becomes a problem of protocol growth. A Witness-Function operates on derivative messages in a role-based specification and introduces new derivation techniques. We give here the technical aspects of the Witness-Functions and we show how to use them in a semi-decidable procedure. Then, we analyze a variation of the Needham-Schroeder protocol and we show that a Witness-Function can also help to teach about flaws. Finally, we analyze the NSL protocol and we prove that it is correct with respect to secrecy.