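@comment{
  Scopus auto-export cleaned by hand: one field per line, page ranges
  written with a double hyphen, the deprecated @conference alias replaced
  by @inproceedings, proper nouns braced in titles so styles cannot
  downcase them, and the export's "cited By N" note moved into the
  ignored field scopus-citedby so the count is kept but never rendered.
  Citation keys are unchanged so existing \cite commands keep working.
  The second author is exported both as "Bakkali, H.E." and as
  "El Bakkali, H."; these are assumed to be the same person and are
  normalised to the latter -- confirm the full given name before
  relying on it. The Scopus URLs carry a redirect token and are kept
  only as a fallback; the DOI is the stable identifier.
}

@article{Iraqi2022,
  author         = {Iraqi, O. and El Bakkali, H.},
  title          = {{Communizer}: A Collaborative Cloud-Based Self-Protecting Software Communities Framework -- Focus on the Alert Coordination System},
  journal        = {Computers and Security},
  volume         = {117},
  year           = {2022},
  doi            = {10.1016/j.cose.2022.102692},
  url            = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85127747467\&doi=10.1016\%2fj.cose.2022.102692\&partnerID=40\&md5=246bfc07692396ec6709a73d31126fb6},
  keywords       = {Autonomic Computing, collaboration, Coordination systems, Economic and social effects, Intrusion detection, Mape, MAPE-K, Self protecting, Self-protecting software, Selfishness, Software community, Trust, Trusted computing},
  abstract       = {Popular software has always been appealing to adversaries, as related vulnerabilities are synonymous with millions of exposed businesses. Collaborative intrusion detection, as well as software self-protection, try to alleviate this situation. However, they lack either autonomy and adaptation, or Internet-scale oversight and mitigation. In this work, we present Communizer: a collaborative cloud-based framework that creates communities of self-protecting software across organizations. It allows community members to turn their common weaknesses into collaborative and proactive self-protection, empowering them to detect intrusions, exchange alerts, and anticipate attacks. We start by integrating multiple autonomic MAPE-K loops through cloud-based coordination, and a novel hierarchical, regional coordination pattern (HRCP), optimizing scalability, resiliency, accuracy and privacy. Then, we design a trust-based multi-level alert coordination system (TMACS), as well as a lightweight alert coordination message exchange format (ACMEF). At its core, TMACS aggregates, validates, and shares security alerts among community members while fostering agreement and managing trust. It also addresses insider attacks by detecting and blacklisting rogue members. Moreover, TMACS identifies and neutralizes selfish members through a specifically designed probabilistic model. The analysis, optimization, and evaluation of TMACS show a good trade-off between the precision and recall of untrustworthy and selfish members detection. More importantly, we demonstrate a drastic reduction of monitoring loads on community members while ensuring a high collaborative attack detection and anticipation rate, even for small-scope attacks. {\textcopyright} 2022 Elsevier Ltd},
  scopus-citedby = {0},
  internal-note  = {Abstract-level claims only: rogue-member blacklisting and selfish-member detection are described as trust-model features with a precision/recall trade-off; check the paper's threat model (collusion, Sybil members) before citing it as an insider-attack mitigation.},
}

@inproceedings{Iraqi202024,
  author         = {Iraqi, O. and El Bakkali, H.},
  title          = {{Immunizer}: A Scalable Loosely-Coupled Self-Protecting Software Framework Using Adaptive Microagents and Parallelized Microservices},
  booktitle      = {Proceedings of the Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, WETICE},
  publisher      = {IEEE},
  month          = sep,
  year           = {2020},
  pages          = {24--27},
  doi            = {10.1109/WETICE49692.2020.00013},
  url            = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85100768767\&doi=10.1109\%2fWETICE49692.2020.00013\&partnerID=40\&md5=8dd6bb02a0433738b505ad00e964a1af},
  keywords       = {Architectural buildings, Architectural modeling, Cluster computing, Computer programming, Control systems, Cross-cutting concerns, Digital storage, Distributed clusters, Immunization, Intrusion detection, Intrusion detection and prevention, Scalability, Separation of concerns, Software frameworks, Storage infrastructure},
  abstract       = {IT professionals are overwhelmed by rapidly-changing technology and growing complexity. Additional challenges are introduced by cyber-security. Self-protecting software tries to alleviate this situation by combining principles and techniques from both autonomic computing and software security. However, this combination creates scalability issues, as well as cross-cutting concerns. In this work, we present Immunizer: A Scalable Loosely-Coupled Self-Protecting Software Framework. Immunizer extends our Application-level Unsupervised Outlier-based Intrusion Detection and Prevention Framework by leveraging the architectural building blocks of autonomic computing, and adopting a microagent/microservice architectural model, augmented with distributed cluster computing, for maximum scalability and separation of concerns. More specifically, we design each of the Monitor, Analyze, Plan and Execute functions of the autonomic MAPE-K control loop as a parallelized microservice, while we model its Knowledge function as a data streaming, caching and storage infrastructure. Moreover, we design the Sensor and Effector touchpoint modules as adaptive lightweight runtime application instrumentation microagents. {\textcopyright} 2020 IEEE.},
  scopus-citedby = {2},
  internal-note  = {The export gave volume = 2020-September, which is not a volume number; it is recorded here as month = sep instead.},
}

@article{Iraqi2017348,
  author         = {Iraqi, O. and El Bakkali, H.},
  title          = {Toward Third-Party Immune Applications},
  journal        = {Lecture Notes in Computer Science},
  volume         = {10446},
  year           = {2017},
  pages          = {348--359},
  publisher      = {Springer International Publishing},
  doi            = {10.1007/978-3-319-65127-9_28},
  url            = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85028464409\&doi=10.1007\%2f978-3-319-65127-9_28\&partnerID=40\&md5=a4030cd1451089f90416806509d76446},
  abstract       = {Component reuse has become a trend in software engineering. However, third-party components have the potential to introduce vulnerabilities into software applications and become the weakest link in the security chain. In this paper, we discuss the limitations of traditional security practices and controls against vulnerable components. As a solution, we present a software design and development approach, combined with a collaborative, cloud-based vulnerability and threat management system. This combination aims at enabling applications to gain {\textquotedblleft}artificial immunity{\textquotedblright} to third-party components by dynamically identifying and controlling related security risks. It also strives to promote the automatic discovery of, and near real-time information dissemination about emerging threats and zero-day vulnerabilities. At the heart of our solution, we use application-level API sandboxing, as well as adaptive signature-based and anomaly-based API intrusion detection and prevention. The need-to-know, cost-effectiveness, and user acceptance through separation of concerns have been our guiding security engineering principles. {\textcopyright} 2017, Springer International Publishing AG.},
  scopus-citedby = {0},
  internal-note  = {LNCS volume paper exported as @article; the proceedings title is not in the export, so it is kept as @article rather than @inproceedings with an invented booktitle. Supply-chain relevance: the abstract proposes API-level sandboxing of third-party components, which should be read alongside dependency pinning and SBOM-based vulnerability tracking rather than as a replacement for them.},
}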