These datasets were generated in a computer network environment where eXfiltration Advanced Persistent Threats were launched against a number of high-value targets.

It is the alert log of the Security Onion SIEM which aggregates alerts from network and host-based intrusion detection systems that are securing the network environment.


With the popularity of smartphones and widespread use of high-speed Internet, social media has become a vital part of people’s daily life. Currently, text messages are used in many applications, such as mobile chatting, mobile banking, and mobile commerce. However, when we send a text message via short message service (SMS) or social media, the information contained in the text message transmits as a plain text, which exposes it to attacks.


Efficient intrusion detection and analysis of the security landscape in big data environments present challenge for today's users. Intrusion behavior can be described by provenance graphs that record the dependency relationships between intrusion processes and the infected files. Existing intrusion detection methods typically analyze and identify the anomaly either in a single provenance path or the whole provenance graph, neither of which can achieve the benefit on both detection accuracy and detection time.


Mp3 is a very popular audio format and hence it can be a good host for carrying hidden messages. Therefore, different steganography methods have been proposed for mp3 hosts. UnderMp3Cover is one of such algorithms and has some important advantage over other comparable methods. First, the popular steganography method mp3stego, works directly on non-compressed samples. Therefore, using covers that have been compressed before could lead to serious degradation of its security. UnderMp3Cover does not have this important limitation.


The archive file “Mp3_Decoder” contains some codes for decoding and reading frames of mp3 files into Matlab. You need to decompress the archive before using the codes.

Upon decompression, the resulting folder would contain an executable file, a folder named “tables” and the Matlab wrapper for communication between Matlab environment

and the executable part. Please, make sure that you copy all of these material to your current address and do not make any change to the name of “tables” folder. 

Please, refer to “Main_Frame_Decoder.m” for an example on running the codes.



The folder “Multiple_ReEmbeding_Feature_Extraction” contains the codes for proposed feature extraction. First, you should use the codes in “Mp3_Decoder” folder and

import sideinfo of your mp3 files in Matlab, then use the provided codes for feature extraction.Please, refer to “Main_Feat_Extraction.m” for an example on running the codes.



The archive file “Ump3C” contains some codes for message hiding/extraction in the Matlab environment. Investigating Ump3C method shows that only global gain of mp3

bit stream get changed in the embedding process, therefore, our code is only a simulation of the process and does not produce an mp3 file in the output.

In other words, these codes would only generate sideinfo corresponding to the stego files, but it would not mux sideinfo and MDCT back, it would not produce 

bit stream of stego file and it would not write the bitstream into an output file. It is noteworthy that from steganalysis point of view, we don’t need the output 

bit stream of Ump3c and sideinfo of stego file would suffice. In order to run the codes, you need to decompress the archive. Upon decompression, the resulting folder 

would contain an executable file, a folder named “tables” and some Matlab codes for simulating the message hiding/extraction procedures. Please, make sure that you 

copy all of these material to your current address and do not make any change to the name of “tables” folder. Please, refer to “Main.m” for an example on running the codes.


Fore more information please refer to the following article:

Hamzeh Ghasemzade, "Multi-layer architecture for efficient steganalysis of UnderMp3Cover in multi-encoder scenario", IEEE Transactions on Information Forensics and Security, 2018.





The raw EEG signals are collected from seven adult participants (a~g, 4 males and 3 females, their ages range from 21 to 45, the average age is 24.71 and the average deviation is 6.49). None of them has a case history of brain injury or brain disease. the "EMOTIV EPOC+"EEG head-worn device is employed, which has a total of 14 channels, namely: AF3, AF4, F3, F4, F7, F8, FC5, FC6, T7, T8, P7, P8, O1 and O2. The sampling frequency is 128Hz and the signals can generate 128 sample points per second per channel. 



Static analysis is increasingly used by companies and individual code developers to detect bugs and security vulnerabilities. As programs grow more complex, the analyses have to support new code concepts, frameworks and libraries. However, static-analysis code itself is also prone to bugs. While more complex analyses are written and used in production systems every day, the cost of debugging and fixing them also increases tremendously.


Desktops and laptops can be maliciously exploited to violate privacy. In this paper, we consider the daily battle between the passive attacker who is targeting a specific user against a user that may be adversarial opponent. In this scenario, while the attacker tries to choose the best vector attack by surreptitiously monitoring the victim’s encrypted network traffic in order to identify user’s parameters such as the Operating System (OS), browser and apps. The user may use tools such as a Virtual Private Network (VPN) or even change protocols parameters to protect his/her privacy.


One important topic to work is to create a good set of malicious web characteristics, because it is difficult to find one updated and with a research work to support it .