Studies in Computational Intelligence 919

Yassine Maleh, Mohammad Shojafar, Mamoun Alazab, Youssef Baddi (Editors)

Machine Intelligence and Big Data Analytics for Cybersecurity Applications

Studies in Computational Intelligence, Volume 919
Series Editor: Janusz Kacprzyk, Polish Academy of Sciences, Warsaw, Poland

Editors:
Yassine Maleh, Sultan Moulay Slimane University, Beni Mellal, Morocco
Mamoun Alazab, Charles Darwin University, Darwin, NT, Australia
Mohammad Shojafar, Institute for Communication Systems, University of Surrey, Guildford, UK
Youssef Baddi, Chouaib Doukkali University, El Jadida, Morocco

ISSN 1860-949X ISSN 1860-9503 (electronic) Studies in Computational Intelligence ISBN
978-3-030-57023-1 ISBN 978-3-030-57024-8 (eBook)
https://doi.org/10.1007/978-3-030-57024-8
© The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2021

Preface

As cyber-attacks against critical infrastructure increase and evolve, automated systems to complement human analysis are needed. Moreover, chasing the breaches is like looking for a needle in a haystack. Such organizations are so large, with so much information and data to sort through to obtain actionable information, that it seems impossible to know where to start. The analysis of an attack’s intelligence is traditionally an iterative, mainly manual process, which involves an unlimited amount of data to try to determine the sophisticated patterns and behaviors of intruders. Besides, most of the detected intrusions provide a limited set of attributes on a single phase of an attack. Accurate and timely knowledge of all stages of an intrusion would allow us to support our cyber-detection and prevention capabilities, enhance our information on cyber-threats, and facilitate the immediate sharing of information on threats, as we share several elements.

The book is expected to address the above issues and aims to present new research in the field of cyber-threat hunting, information on cyber-threats, and analysis of important data. Protecting computer systems against cyber-attacks is therefore one of the most critical cybersecurity tasks for single users and businesses. Even a single attack can result in compromised data and significant losses. Massive losses and frequent attacks dictate the need for accurate and timely detection methods. Current static and dynamic methods do not provide efficient detection, especially when dealing with zero-day attacks. For this reason, big data analytics and machine intelligence-based techniques can be used.

This book brings together researchers in the field of cybersecurity and machine intelligence to advance the missions of anticipating, prohibiting, preventing, preparing, and responding to various cybersecurity issues and challenges. The wide variety of topics it presents offers readers multiple perspectives on a variety of disciplines related to machine intelligence and big data analytics for cybersecurity applications. Machine Intelligence and Big Data Analytics for Cybersecurity Applications comprises a number of state-of-the-art contributions from both scientists and practitioners working in machine intelligence and cybersecurity. It aspires to provide a relevant reference for students, researchers, engineers, and professionals working in this area or those interested in grasping its diverse facets and exploring the latest advances on machine intelligence and big data analytics for cybersecurity applications.

More specifically, the book consists of 24 contributions classified into three pivotal sections:

• Machine intelligence and big data analytics for cybersecurity: Fundamentals and Challenges: introducing the state-of-the-art and the taxonomy of machine intelligence and big data for cybersecurity.
• Machine intelligence and big data analytics for cyber-threat detection and analysis: offering the latest architectures and applications of machine intelligence and big data analytics for cyber-threats and malware detection and analysis.
• Machine intelligence and big data analytics for cybersecurity applications: dealing with the application of machine intelligence techniques for cybersecurity in many fields, from IoT health care to cyber-physical systems and vehicle security.

We want to take this opportunity to express our thanks to the authors of this volume and to the reviewers for their great efforts in reviewing and providing interesting feedback to the authors of the chapters. The editors would like to thank Dr. Thomas Ditsinger, Springer Editorial Director (Interdisciplinary Applied Sciences), Prof. Janusz Kacprzyk (Series Editor-in-Chief), and Ms. Jennifer Sweety Johnson (Springer Project Coordinator) for the editorial assistance and support to produce this important scientific work. Without this collective effort, this book would not have been possible.

Khouribga, Morocco: Prof. Yassine Maleh
El Jadida, Morocco: Prof. Youssef Baddi
Guildford, UK: Prof. Mohammad Shojafar
Darwin, Australia: Prof. Mamoun Alazab

Contents

Machine Intelligence and Big Data Analytics for Cybersecurity: Fundamentals and Challenges

• Network Intrusion Detection: Taxonomy and Machine Learning Applications
  Anjum Nazir and Rizwan Ahmed Khan
• Machine Learning and Deep Learning Models for Big Data Issues
  Youssef Gahi and Imane El Alaoui
• The Fundamentals and Potential for Cybersecurity of Big Data in the Modern World
  Reinaldo Padilha França, Ana Carolina Borges Monteiro, Rangel Arthur, and Yuzo Iano
• Toward a Knowledge-Based Model to Fight Against Cybercrime Within Big Data Environments: A Set of Key Questions to Introduce the Topic
  Mustapha El Hamzaoui and Faycal Bensalah

Machine Intelligence and Big Data Analytics for Cyber-Threat Detection and Analysis

• Improving Cyber-Threat Detection by Moving the Boundary Around the Normal Samples
  Giuseppina Andresini, Annalisa Appice, Francesco Paolo Caforio, and Donato Malerba
• Bayesian Networks for Online Cybersecurity Threat Detection
  Mauro José Pappaterra and Francesco Flammini
• Spam Emails Detection Based on Distributed Word Embedding with Deep Learning
  Sriram Srinivasan, Vinayakumar Ravi, Mamoun Alazab, Simran Ketha, Ala’ M Al-Zoubi, and Soman Kotti Padannayil
• AndroShow: A Large Scale Investigation to Identify the Pattern of Obfuscated Android Malware
  Md Omar Faruque Khan Russel, Sheikh Shah Mohammad Motiur Rahman, and Mamoun Alazab
• IntAnti-Phish: An Intelligent Anti-Phishing Framework Using Backpropagation Neural Network
  Sheikh Shah Mohammad Motiur Rahman, Lakshman Gope, Takia Islam, and Mamoun Alazab
• Network Intrusion Detection for TCP/IP Packets with Machine Learning Techniques
  Hossain Shahriar and Sravya Nimmagadda
• Developing a Blockchain-Based and Distributed Database-Oriented Multi-malware Detection Engine
  Sumit Gupta, Parag Thakur, Kamalesh Biswas, Satyajeet Kumar, and Aman Pratap Singh
• Ameliorated Face and Iris Recognition Using Deep Convolutional Networks
  Balaji Muthazhagan and Suriya Sundaramoorthy
• Presentation Attack Detection Framework
  Hossain Shahriar and Laeticia Etienne
• Classifying Common Vulnerabilities and Exposures Database Using Text Mining and Graph Theoretical Analysis
  Ferda Özdemir Sönmez

Machine Intelligence and Big Data Analytics for Cybersecurity Applications

• A Novel Deep Learning Model to Secure Internet of Things in Healthcare
  Usman Ahmad, Hong Song, Awais Bilal, Shahid Mahmood, Mamoun Alazab, Alireza Jolfaei, Asad Ullah, and Uzair Saeed
• Secure Data Sharing Framework Based on Supervised Machine Learning Detection System for Future SDN-Based Networks
  Anass Sebbar, Karim Zkik, Youssef Baddi, Mohammed Boulmalf, and Mohamed Dafir Ech-Cherif El Kettani
• MSDN-GKM: Software Defined Networks Based Solution for Multicast Transmission with Group Key Management
  Youssef Baddi, Sebbar Anass, Karim Zkik, Yassine Maleh, Boulmalf Mohammed, and Ech-Cherif El Kettani Mohamed Dafir
• Machine Learning for CPS Security: Applications, Challenges and Recommendations
  Chuadhry Mujeeb Ahmed, Muhammad Azmi Umer, Beebi Siti Salimah Binte Liyakkathali, Muhammad Taha Jilani, and Jianying Zhou
• Applied Machine Learning to Vehicle Security
  Guillermo A Francia III and Eman El-Sheikh
• Mobile Application Security Using Static and Dynamic Analysis
  Hossain Shahriar, Chi Zhang, Md Arabin Talukder, and Saiful Islam
• Mobile and Cloud Computing Security
  Fadi Muheidat and Lo’ai Tawalbeh
• Robust Cryptographical Applications for a Secure Wireless Network Protocol
  Younes Asimi, Ahmed Asimi, and Azidine Guezzaz
• A Machine Learning Based Secure Change Management
  Mounia Zaydi and Bouchaib Nassereddine
• Intermediary Technical Interoperability Component TIC Connecting Heterogeneous Federation Systems
  Hasnae L’Amrani, Younes El Bouzekri El Idrissi, and Rachida Ajhoun

Intermediary Technical Interoperability Component TIC …

4.1 Federations’ Technologies and Interoperability Challenges

Identity federation systems provide many solutions to manage identity propagation among domains. SAML1.0, SAML2.0, WS-Federation, OpenID, OpenID Connect, OAuth 1.0, OAuth 2.0, etc. are all federation technologies used to ensure identity federation among entities inside and outside federation domains. The
researchers generate a comparative study within federation technologies to gain evidence of the dissimilarities between federated technologies. Table 1 presents the concurrent federated technologies. At this point we use the following criteria to define the difference between those technologies’ performances: authentication, authorization, single sign-on, attributes exchange and pseudonyms existence. Collecting information about those technologies gives us a global view of the capabilities of each technology [9, 10]. Researchers used authentication and authorization as comparison criteria to show the need for both authentication and authorization to ensure federation. Here we insist on the existence of authentication as a criterion in comparing federation technologies; authorization, however, could be added with a supplementary authorization standard that could change from one federation technology to another. Attribute exchange and pseudonyms are also required to guarantee the efficiency of communication between federation technologies [11].

Table 1 Existing federation technologies

| Technology features | WS-Federation | SAML | OAuth | OpenID | OpenID Connect |
|---|---|---|---|---|---|
| Federation version | WS-Federation 1.2 | SAML2.0 | OAuth 2.0 | OpenID 2.0 | OpenID Connect 1.0 |
| Authentication | Enabled | Enabled | Not enabled | Enabled | Enabled |
| Authorization | Enabled | Enabled/User roles (attributes) | Enabled | With OAuth 1.0 | With OAuth 2.0 |
| Token | SAML 1.1/2.0 assertions | SAML2.0 assertions | SAML2.0 assertions | id_token | id_token |
| Token type | XML document | XML document | JSON web token (JWT) | JSON web token (JWT) | JSON web token (JWT) |
| Attributes exchange | Enabled | Enabled | OpenID connect based | Enabled | Enabled |
| Pseudonym | Enabled | Enabled | OpenID connect based | Pairwise Pseudonymous | Pairwise Pseudonymous |

Researchers have found that authentication is a basic level to ensure while communicating. According to the comparative study shown in Table 1, most of the federation technologies support authentication. However, authorization is ensured based on the discussed federation technology or based on a combination with another federation technology. Tokens are required to guarantee the exchange of assertions that carry authorization attributes, user attributes… Attributes are necessarily required for the use and re-use of data among different federations. The strength of pseudonyms is the guarantee of certain levels of security while communicating within heterogeneous domains. Taking everything into consideration, we deduced that federation technologies support the basic levels of federated systems, although they use different ways to ensure these required processes. This difference generates interoperability issues among the cited federation technologies.

4.2 Problem Statement

It would be ideal to define interoperability in a single way, but the diversity of contexts where interoperability is required prevents this. For this reason, the concept of interoperability has various definitions across domains and contexts.

To describe the interoperability issues among Federated Identity Management systems (FIM), we assume a user U(A) belonging to federation A, Fed(A), who requests access to a service S(B) deployed in a service provider B, SP(B), which is an element of a federation B, Fed(B): SP(B) ∈ Fed(B). Researchers also assume that Fed(A) has an IdP and an SP that are elements of Fed(A): SP(A) ∈ Fed(A) and IdP(A) ∈ Fed(A). A user from federation Fed(A) aims to gain a service in federation Fed(B), which is part of the same trust circle. At this point, researchers consider that the trust issue is solved, hence the federations can exchange the identity information safely. We begin the communication process with an access request to the resources. Therefore, the user from Fed(A) has to be authenticated by the Fed(B) identity provider IdP(B), which is an element of Fed(B): IdP(B) ∈ Fed(B). The issue observed is that the request is not understandable by IdP(B). Here we found that Fed(A) and Fed(B) can’t speak the same language. This is due to the difference in the federations’ technologies.

The figure presents the case of a massive number of communicating entities, where several service providers establish federations with multiple identity providers, all entities knowing and trusting each other. This is the most complicated case regarding topology. However, this is the clearest case for explaining the possible issues that communication among the entities of the federation can raise. This model presents the plurality of service providers and the diversity of identity providers that provide user authentication. Above all, the level of complexity in processing communication between federation entities increases with the complexity of the model used. However, the problem increases enormously when all these entities adopt different technologies for the implementation of their federations. Actually, we can say that interoperability between different federation technologies is nonexistent.

[Figure: Case of multiple entities federation]

The goal of this work is to create a common infrastructure, i.e. an interoperability platform, where the requests exchanged among heterogeneous federation technologies could be translated into other federations’ requests [12]. There are many levels of interoperability to deal with; the researchers target the technical level, since technical problems are detected in the communication among different federations [13].

Technical interoperability within identity federation systems refers to two or more federation systems that may operate and exchange identity data between each other, with the system communication interface as the endpoint responsible for these exchanges; it must be identified, known and accessible. The interface, represented by the edge layer of the two systems, enables exchange and interaction. In the context of exchange between identity federation systems that are characterized by their heterogeneity, ensuring communication between these heterogeneous systems requires analyzing the aspect of interoperability. In the previous studies, researchers treated the identities portability issue among federated models. They proposed to solve this problem by an interoperable approach [3]. Systems that want to communicate and exchange identity information need to be able to interoperate without particular concern by using common structures and types of data. These communication systems can evolve independently without the risk of breaking this interoperability.

4.2.1 Communication Restriction Level Within Different Federations

To meet the interoperability requirements, we conducted a simulation of the communication workflow with two federations, each based on a different technology. In this example, communication between these federations was interrupted, which indicates that there is a problem in this communication. In this work, the interoperability approach is implemented to address the problem of communication discontinuity due to the heterogeneity of these federations’ protocols, standards, and technologies. The solution of technical interoperability aims to ensure continuous communication among different systems. The figure shows the architecture deployed to achieve a real exchange between these two federations. We note here that the user is already a trusted user for the federation based on WS-Federation.

We give an explanation of the communication scenario between two different federations. The purpose is to display all the relevant steps for exchanging requests between federations based on the two standards SAML and WS-Federation. We have set up the previously selected SAML2.0 and WS-Federation. The user requests access to a protected web service from his browser. The service provider (SP) redirects the user to the identity provider (IdP) and transports the SAML request.
This request is sent to the IdP. An error occurred when redirecting to the Security Token Service (STS) identity provider. The purpose of the previous scenario is to allow a SAML service provider to exchange data about a subject with a WS-Federation identity provider and vice versa, in a transparent and technology-independent manner. At this level, it can be seen that the WS-Federation identity provider can no longer analyse the received SAML request.

[Figure: Communication interruption while sending authentication request from SAML2.0 to WS-Federation]

4.3 Problem Discussion

Following the implementation of identity federation technologies, it is noted that each of these technologies has its specific way to negotiate and propagate identity. After observing the parameters used by each of SAML and WS-Federation (Table 2), researchers noticed that there is homogeneity in the exchanged flows and heterogeneity in the structure and parameters of the requests. The following table lists the characteristics of some parameters and their correspondence between SAML and WS-Federation [14]. Each federation relies on its own properties, so the exchange between the two entities has produced results that need to be taken into account. In summary, SAML and WS-Federation reach the same result but with different treatments [15].

In the first place, the user requests the protected service through an HTTP request to the SAML-configured SP. Once the request is received, the SP redirects the user to the SSO (Single Sign-On) service of the WS-Federation-configured STS IdP. The request consists of the URL of the STS SSO service in charge of authenticating users based on Active Directory and takes as parameters the usual SAML values, specifically the SAMLRequest transferred via GET to this service [16]. The STS receives the SAMLRequest and RelayState parameters [14]. Under these conditions, the identity provider returns an access error to the server with a reference number, which is mentioned below:

196d480a-0c97-4ae0-b95a-7fae8e0a1f4e

This code, generated by the ADFS service of the STS identity provider, shows a request error and indicates that the structure of the request needs revision. In normal cases, the STS receives a request that contains the parameters Wa = wsignin1.0, Wtrealm, Wctx [14]. When receiving the parameters of the SAML specification, the STS is confused because it cannot interpret the request and provide the appropriate response. For this reason, the ADFS returns the error code, which demands requests understandable by the STS [17].

Table 2 Comparative analysis between SAML and WS-Federation parameters

| Parameters | Function | SAML | WS-Federation |
|---|---|---|---|
| Connection request | Request to the authentication server | SAMLRequest | Wa = wsignin1.0 |
| | Inform the ADFS server about the SP | RelayState | Wtrealm |
| | Status of the SP before communicating the ADFS | RelayState | Wctx |
| Authentication protocol | Authentication protocol used | Form based | Form based microsoft ntlm protocol |
| Token | Type of token used | SAML2.0 | SAML 1.1 |

4.4 Prototype Proposal

Interoperability is the ability of two entities to interact, communicate and exchange information, taking into account the protocols and policies used by each entity, to ensure interaction with no constraints. Interoperability of federated systems in a federation context refers to the potential to manage and exchange identity information with two or more federated systems [18, 19] (Fig. 3).

Each federation system has its own way of negotiating and propagating requests that include all identity information. The discussion of the problem of structural heterogeneity of existing federation technologies leads to the study of the appropriate solution for ensuring technical interoperability between these federations. The solution must ensure the exchange between heterogeneous federations in a flexible and transparent way. In addition, the diversity of requests and responses used by existing federation technologies requires the creation of a solution that supports the matching of all parameters of requests exchanged between federations.

The researchers found that there are many positions at which to implement the interoperability third party. They discussed the existing scenarios, which support federated systems to achieve this capability [3]. To achieve technical interoperability between different federation technologies, it is important to study the scenarios in which interoperability can be supported. For this purpose, we consider the possibilities to take charge of interoperability according to the following cases:

After analyzing the feasibility of supporting interoperability, the authors concluded that every deployment scheme examined has specific strengths and weaknesses. In relation to the requirement to implement interoperability, federated systems must be easily embedded in communication while having independent handling. Scenario is a benefit in terms of integration, independent handling and centralized usability. Based on this finding, the establishment of a third-party entity that will take care of the interoperability treatment was the solution adopted. However, in the case of the other scenarios, the implementation still depended on the technology where it was implemented. Because of that, the authors proposed an approach based on a third-party entity to ensure the interoperability task.

[Figure: Interoperability scenarios]

4.4.1 Proposal to Solve Interoperability Issue

We propose a model for transparent communication between federated systems with a guarantee of interoperability among the heterogeneous federated systems technologies. The requirements for this proposed midway are:

• Bilateral interoperability between the federated systems
• Authentication and authorization supported
• SSO multi-domains
• Trust between federated systems

Figure 4 outlines the functional process of the suggested proposal, from the source, when the interoperability midway acquires the request, through the propagation of identities among heterogeneous federations. The researchers explain the main steps to convert a request from the source federation to the destination federation:

• Detection of the source and destination federation.
• After the phase of detecting the destination federation, this information is extracted from the request that is the input to this midway (Input). In this step, we encounter two situations: one is simple, and the other is sophisticated.
• The first situation: the case of a federation with a homogeneous destination, i.e. the detected technology of the source federation is the same as that of the destination detected in the second step. The communication process continues normally and the request is transmitted to the target.
• The second situation: the case of a destination federation different from that of the source (heterogeneous federation). Many steps have to be followed before sending the request to the detected destination.
• First, we should detect the type of request. Is that a request or a response? Is it an authentication request or an attribute request?
Is it a Get, Post or Redirect request…, we extract the main characteristics of the detected request In the area “Conversion” conversion to standard form, it is possible to recognize the technology of federated entities requiring interoperability, which is registered in an internal database, which includes a list of entities and the technology associated with each entity The next step is the mapping of federated requests, based on the identification of the type of request, and then involving the required processing • The task of converting the query is handled by the mapping box between the query parameters, and their equivalents in the standard form table, and then reconstructing its parameters according to the structure supported by the destination federation technology The output of the conversion box in standard form is a request corresponding to the form of the destination federation After all, the new reformulated request is transferred to the destination federation 532 H L’Amrani et al Fig Proposed model for technical interoperability approach Results From the material and method section, researchers assume that the proposal should be implemented in a practical environment In this result section, researchers present the technical environment used to implement the proposed prototype Researchers’ results are demonstrated in a graphical user interface Thereafter, TIC main elements are presented separately The main results subsection will show the result after translating a request from one federation technology to another federation technology Intermediary Technical Interoperability Component TIC … 533 5.1 Implementation Researchers discuss the deployment of the Technical interoperability component TIC in this subsection Technical Interoperability Component is the midway component in our proposed solution to ensure technical interoperability between the different federations First, the researchers deployed a virtualization infrastructure based on Oracle 
solutions Figure describes the architecture used to implement the chosen solution Researchers used two machines, the first one will be used to install and configure the VM manager (Virtual Machine Manager) and the second one will be assigned to the server The virtualization technology used is Oracle VM Server/Manager The two machines are connected via an Ethernet cable to establish a connection between them, which is an internal wireless network between both machines The machine or server will be installed and then added in a pole Then, Virtual machines are imported (if exist) or installed in these poles, this will be managed via the VM manager Those virtual machines are the hosts where we have installed different federation technologies (Example: SAML, WS-Federation, Shibboleth, Open-ID) with their identities and servers providers The virtual infrastructure is built to install different federation technologies Due to the multiplicity of federation technologies Moreover, one of those virtual machines used to implement the proposed interoperability component which has to be an intermediary tool to receive exchanges requests between different federations and then translate them based on the request source, destination, type, and parameters Fig Machine deployment infrastructure based on virtualization solution 534 5.1.1 H L’Amrani et al TIC Graphical User Interface (GUI) Figure present Graphical User Interface of TIC components which makes able to translate received request to the appropriate federation The core components of technical interoperability Component TIC, are implemented in Java (J2EE) and MySQL database has been used for the storage of parameters and attributes The graphical interface (Fig 6) of the part responsible for converting requests from on technology to another The researchers present the results obtained in this research work If the user gives as input to the TIC midway a request then the TIC can detect the federation technology Thereafter, TIC 
will process the request to know if it is a get, post or redirect request Then, based on the request type and the destination federation parameter extracted from the request, the TIC will translate the request to the appropriate type of request appropriately with the destination federation technology Fig The TIC component graphical interface Intermediary Technical Interoperability Component TIC … 5.1.2 535 TIC Component Main Elements The TIC components gives as result the translated request from SAML2.0 to WSFederation, and vice versa If the request is URL, Base64 decoded or encoded, TIC can inverses the operation Then the tool translate the request to the appropriate form Figure present the conception followed to implement the TIC component The researchers used classes to ensure the conception of this translation tool: decodebase64, SAML2, Translate, WSFED To translate the received requests, the following steps are followed: The system will receive the request encoded in base 64, decode it and then detect and retrieve if it is SAML2.0 or WS-Federation If it is a SAML2.0 request, it detects its type (GET, POST, REDIRECT), translates it into a WS-Federation request of the same type (for example if the request is SAML2.0 of type GET after translation the system must return a WS-Federation request of type GET) After translation comes the response phase, the system sends the response of the translated request as follows: • If the translated request is of type GET the system sends a request of type REDIRECT • Otherwise if it is of the REDIRECT type, the system sends a request of the POST type Fig TIC component implementation class diagram 536 H L’Amrani et al 5.2 Main Results The researchers were able to implement the first translation direction of the TIC component which is the translation of SAML2.0 requests to WSFED requests As well as the other direction from WSFED to SAML2.0 This is the first translation process within two different federation technologies The TIC 
interoperability component is designed to be a standard tool for interoperation among all federation technologies. In the following, we specify the purpose of each of these classes (Fig. 7), decodebase64, SAML2, Translate and WSFED, which together translate the requests exchanged by federations.

The role of the decodebase64 class is to encode or decode received requests. Consider the example of a SAML2 request: after decoding, we move on to processing, i.e. translating the request and sending the response according to the type of the request (GET, POST or REDIRECT). The function saml.Detecttype() is imported from the SAML2 class. If the request is WSFED, the same processing is done, i.e. the request is translated and a response is sent according to the type of the request (GET, POST or REDIRECT).

The first case is the translation of a SAML request to a WS-Federation request. We declare the parameters and then translate the request to WSFED. The LoadXMLFromSting() function provides a DOM parser as a basis. Its purpose is to walk the XML string that makes up the SAML2 authentication request (SAMLRequest) and extract the parameters required for translation into the WS-Federation request. We then search the XML block for the parameters IssueInstant and saml:Issuer and assign their values (content) to wct and wreply (parameters of the WS-Federation request). The query is translated by assigning each parameter the value that corresponds to it in the WS-Federation request.

5.2.1 Final Translation Result

Finally, we present the result of translating an authentication request. The result obtained implicitly includes all the previous steps followed to translate a request, from the moment it is received until the moment it is sent.

SAML request encoded in Base64 and request after decodebase64 (figure panels: Request encodebase64, Request decodeBase64)

The same holds for the inverse process: when the TIC receives a request from
WS-Federation, it decodes it and translates it from WS-Federation form to SAML2.0 form.

WS-Federation request encoded in Base64 and request after decodebase64 (figure panels: Request encodebase64, Request decodeBase64)

Translation from WS-Federation Request to SAML2.0 Result

The next figure presents the overall result obtained when translating a request from WS-Federation to SAML2.0 (Fig. 8):

Result after translation

https://idp.idp.openclassrooms.com/SSO?SAMLRequest=<saml:Issuer>null<samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>&RelayState=token

Fig. Translation from WS-Federation request to SAML2.0 result

Conclusion and Future Works

The identity federation solution is well suited to solving this problem of domain change. Several other problems show up during the process of changing domain. The researchers aimed to achieve, at the same time, a transparent transition of private data and interoperability between different domains, all with an advanced level of security. The results demonstrate two things. First, there is a way to translate requests from different federation technologies. Second, the translation could be based on this standard framework among all existing federation technologies.

The researchers detailed the process of interoperability between homogeneous federated systems as well as heterogeneous federated systems. They have therefore designed a mechanism that ensures interoperability between mixed federated systems. The proposed mechanism is an intermediary named TIC that is part of the federations' circle of trust. These trusted federations constitute a meta-system called the federation of the federation. This proposed intermediary solution receives requests from federations, detects the technology of the source federation and of the destination federation, translates the exchanged requests, and then takes charge of matching requests between the communicating federations. At this point, we
succeeded in tackling the first problem that blocks communication among different federations, namely the lack of technical interoperability among existing federation technologies, so that the first level addressed in this work, the technical interoperability layer, is guaranteed.

Interoperability targets several layers. In this paper, we have worked on the technical layer. Due to the issues involved in the heterogeneity of federation technologies, as well as the multiplicity of meanings of the exchanged attributes, several layers of interoperability other than the technical layer have to be addressed. For these reasons, the second layer that the researchers target is resolving the absence of semantic interoperability among federation systems. The purpose of semantic interoperability is to guarantee that the information exchanged between federations can be used, whatever its form or semantics.

In future work, the researchers will deal with semantic interoperability as a means of improving technical interoperability. We will investigate the challenges encountered, potential semantic technologies to solve these challenges and the specification of further detailed modules of the semantic approach addressed. The researchers' results cast a new light on a techno-semantic level of interoperability that will enhance communication among heterogeneous federation technologies. Both the technical and semantic interoperability layers evidently create a unique mechanism to solve communication issues between federation systems. Now that we guarantee techno-semantic interoperability, we will achieve the Federation of Federation goal.
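The SAML2.0-to-WS-Federation direction described under Main Results (Base64-decode the request, parse the XML, copy IssueInstant to wct and saml:Issuer to wreply) is shown here in Python as an added example; it is not the researchers' TIC code. The function names, sample request, STS URL, size cap, DTD rejection, issuer allowlist and the RelayState-to-wctx mapping are assumptions made for this example; wa=wsignin1.0 is the standard WS-Federation sign-in action.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
MAX_XML = 64 * 1024  # assumed cap on the decompressed request size

def decode_saml_request(b64_value, binding):
    """Base64-decode; the HTTP-Redirect binding also DEFLATE-compresses."""
    raw = base64.b64decode(b64_value, validate=True)
    if binding == "REDIRECT":
        d = zlib.decompressobj(-15)  # raw DEFLATE, no zlib header
        raw = d.decompress(raw, MAX_XML)
        if not d.eof:  # stream truncated, or output stopped at the cap
            raise ValueError("request truncated or over the size cap")
    return raw

def parse_authn_request(xml_bytes):
    """Return saml:Issuer and IssueInstant, the two fields the page maps."""
    # Hardening (assumption, not from the page): SAML needs no DTD, so refuse one.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD not allowed in a SAML request")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("not a SAML2.0 AuthnRequest")
    issuer = root.findtext("{%s}Issuer" % SAML, "").strip()
    instant = root.get("IssueInstant", "")
    if not issuer or not instant:
        raise ValueError("missing saml:Issuer or IssueInstant")
    return issuer, instant

def translate(b64_value, binding, sts_url, trusted_issuers, relay_state=None):
    """SAML2.0 AuthnRequest -> WS-Federation sign-in URL, using the page's mapping."""
    issuer, instant = parse_authn_request(decode_saml_request(b64_value, binding))
    # Assumption: wreply is a redirect target, so accept only circle-of-trust issuers.
    if issuer not in trusted_issuers:
        raise ValueError("issuer outside the circle of trust")
    params = {"wa": "wsignin1.0", "wct": instant, "wreply": issuer}
    if relay_state is not None:
        params["wctx"] = relay_state  # assumption: RelayState carried as wctx
    return sts_url + "?" + urlencode(params)

# Constructed sample request (not from the page), in POST and REDIRECT encodings.
SAMPLE_XML = (b'<samlp:AuthnRequest xmlns:samlp="' + SAMLP.encode() + b'" xmlns:saml="'
              + SAML.encode() + b'" ID="_a1" Version="2.0" IssueInstant="2020-03-15T10:00:00Z">'
              b'<saml:Issuer>https://sp.example.org/acs</saml:Issuer></samlp:AuthnRequest>')
SAMPLE_POST = base64.b64encode(SAMPLE_XML).decode()
SAMPLE_REDIRECT = base64.b64encode(zlib.compress(SAMPLE_XML)[2:-4]).decode()
```

Because the page's mapping copies a value supplied in the request into wreply, the allowlist check is what keeps the translator from forwarding a sign-in response to an arbitrary address.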