Mosab Khayat scite author profile

Social media platforms are filled with social spambots. Detecting these malicious accounts is essential, yet challenging, as they continually evolve to evade detection techniques. In this article, we present VASSL, a visual analytics system that assists in the process of detecting and labeling spambots. Our tool enhances the performance and scalability of manual labeling by providing multiple connected views and utilizing dimensionality reduction, sentiment analysis and topic modeling, enabling insights for the identification of spambots. The system allows users to select and analyze groups of accounts in an interactive manner, which enables the detection of spambots that may not be identified when examined individually. We present a user study to objectively evaluate the performance of VASSL users, as well as capturing subjective opinions about the usefulness and the ease of use of the tool.

show abstract

Evaluation of HMM-Based Network Intrusion Detection System for Multiple Multi-Stage Attacks

Shawly

Khayat

Elghariani

et al. 2020

IEEE Network

View full text Add to dashboard Cite

The Validity, Generalizability and Feasibility of Summative Evaluation Methods in Visual Analytics

Khayat

Karimzadeh

Ebert

et al. 2019

IEEE Trans. Visual. Comput. Graphics

View full text Add to dashboard Cite

Many evaluation methods have been used to assess the usefulness of Visual Analytics (VA) solutions. These methods stem from a variety of origins with different assumptions and goals, which cause confusion about their proofing capabilities. Moreover, the lack of discussion about the evaluation processes may limit our potential to develop new evaluation methods specialized for VA. In this paper, we present an analysis of evaluation methods that have been used to summatively evaluate VA solutions. We provide a survey and taxonomy of the evaluation methods that have appeared in the VAST literature in the past two years. We then analyze these methods in terms of validity and generalizability of their findings, as well as the feasibility of using them. We propose a new metric called summative quality to compare evaluation methods according to their ability to prove usefulness, and make recommendations for selecting evaluation methods based on their summative quality in the VA domain.

show abstract

PRISM: A Hierarchical Intrusion Detection Architecture for Large-Scale Cyber Networks

Javed

Khayat

Elghariani

et al. 2023

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

PRISM: A Hierarchical Intrusion Detection Architecture for Large-Scale Cyber Networks

Javed¹,

Khayat²,

Elghariani³

et al. 2021

Preprint

View full text Add to dashboard Cite

The increase in scale of cyber networks and the rise in sophistication of cyber-attacks have introduced several challenges in intrusion detection. The primary challenge is the requirement to detect complex multi-stage attacks in realtime by processing the immense amount of traffic produced by present-day networks. In this paper we present PRISM, a hierarchical intrusion detection architecture that uses a novel attacker behavior model-based sampling technique to minimize the realtime traffic processing overhead. PRISM has a unique multi-layered architecture that monitors network traffic distributedly to provide efficiency in processing and modularity in design. PRISM employs a Hidden Markov Model-based prediction mechanism to identify multi-stage attacks and ascertain the attack progression for a proactive response. Furthermore, PRISM introduces a stream management procedure that rectifies the issue of alert reordering when collected from distributed alert reporting systems. To evaluate the performance of PRISM, multiple metrics has been proposed, and various experiments have been conducted on a multi-stage attack dataset. The results exhibit up to 7.5x improvement in processing overhead as compared to a standard centralized IDS without the loss of prediction accuracy while demonstrating the ability to predict different attack stages promptly.

show abstract

A Process-driven View on Summative Evaluation of Visual Analytics Solutions

Khayat¹,

Ghafoor²

2018

Preprint

View full text Add to dashboard Cite

Guard: Attack-Resilient Adaptive Load Balancing in Distributed Streaming Systems

Daghistani

Khayat

Felemban

et al. 2022

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

Evaluation of Visual Analytics With Application to Social Spambot Labeling

Khayat¹

2020

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Mosab Khayat

VASSL: A Visual Analytics Toolkit for Social Spambot Labeling

Evaluation of HMM-Based Network Intrusion Detection System for Multiple Multi-Stage Attacks

The Validity, Generalizability and Feasibility of Summative Evaluation Methods in Visual Analytics

PRISM: A Hierarchical Intrusion Detection Architecture for Large-Scale Cyber Networks

PRISM: A Hierarchical Intrusion Detection Architecture for Large-Scale Cyber Networks

A Process-driven View on Summative Evaluation of Visual Analytics Solutions

Guard: Attack-Resilient Adaptive Load Balancing in Distributed Streaming Systems

Evaluation of Visual Analytics With Application to Social Spambot Labeling

Contact Info

Product

Resources

About