2026
Akrami, Yasamin; Sarıtaş, Melisa; Malkawi, Malek; Alhajj, Reda
Vendor-Specific Vulnerability Analysis: A 26-Year Study of CVE Distribution Patterns Proceedings Article
In: An, Aijun; Cuzzocrea, Alfredo; Hu, Hongxin (Ed.): Social Networks Analysis and Mining, pp. 495–507, Springer Nature Switzerland, Cham, 2026, ISBN: 978-3-032-14107-1.
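@inproceedings{10.1007/978-3-032-14107-1_40,
  author     = {Akrami, Yasamin and Sarıtaş, Melisa and Malkawi, Malek and Alhajj, Reda},
  editor     = {An, Aijun and Cuzzocrea, Alfredo and Hu, Hongxin},
  title      = {Vendor-Specific Vulnerability Analysis: A 26-Year Study of {CVE} Distribution Patterns},
  booktitle  = {Social Networks Analysis and Mining},
  pages      = {495--507},
  publisher  = {Springer Nature Switzerland},
  address    = {Cham},
  year       = {2026},
  date       = {2026-02-04},
  doi        = {10.1007/978-3-032-14107-1_40},
  urldate    = {2026-01-01},
  isbn       = {978-3-032-14107-1},
  abstract   = {Vulnerabilities in systems represent weaknesses that can be exploited to cause significant damage, making their effective management crucial for organizational survival. As cyber threats continue to evolve, understanding and addressing these vulnerabilities is essential to protect against financial losses, operational disruptions, and reputational damage. In this paper, we conduct a 26-year CVE distribution pattern analysis of Common Vulnerabilities and Exposures (CVE), focusing on vulnerabilities from a vendor-specific perspective using Common Platform Enumeration (CPE) data. We analyze the evolution of vulnerabilities, highlighting the vendors most frequently associated with reported security issues. The findings reveal a vulnerability landscape dominated by Microsoft, Google, Apple, Oracle, and Debian, with Microsoft holding 21.1\% of reported CVEs. Microsoft and Google show the highest risk profiles with many high and critical severity vulnerabilities, while Apple, Oracle, and Debian have more varied severity levels. Temporal analysis links major increases in disclosures to key product releases like Microsoft's Windows Vista/7, Google's Android and Chrome, and Apple's iPhone and iPad. By mapping vulnerabilities back to their platform origins via CPE, our work enables security teams to tailor patch management and risk prioritization strategies to vendor-specific patterns.},
  pubstate   = {published},
  tppubtype  = {inproceedings},
}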
Malkawi, Malek; Alhajj, Reda
AI-Powered Vulnerability Detection and Patch Management in Cybersecurity: A Systematic Review of Techniques, Challenges, and Emerging Trends Journal Article
In: Machine Learning and Knowledge Extraction, vol. 8, no. 1, 2026, ISSN: 2504-4990.
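@article{make8010019,
  author     = {Malkawi, Malek and Alhajj, Reda},
  title      = {{AI}-Powered Vulnerability Detection and Patch Management in Cybersecurity: A Systematic Review of Techniques, Challenges, and Emerging Trends},
  journal    = {Machine Learning and Knowledge Extraction},
  volume     = {8},
  number     = {1},
  year       = {2026},
  date       = {2026-01-01},
  doi        = {10.3390/make8010019},
  url        = {https://www.mdpi.com/2504-4990/8/1/19},
  issn       = {2504-4990},
  abstract   = {With the increasing complexity of cyber threats and the inefficiency of traditional vulnerability management, artificial intelligence has been increasingly integrated into cybersecurity. This review provides a comprehensive evaluation of AI-powered strategies including machine learning, deep learning, and large language models for identifying cybersecurity vulnerabilities and supporting automated patching. In this review, we conducted a synthesis and appraisal of 29 peer-reviewed studies published between 2019 and 2024. Our results indicate that AI methods substantially improve the precision of detection, scalability, and response speed compared with human-driven and rule-based approaches. We detail the transition from conventional ML categorization to using deep learning for source code analysis and dynamic network detection. Moreover, we identify advanced mitigation strategies such as AI-powered prioritization, neuro-symbolic AI, deep reinforcement learning and the generative abilities of LLMs which are used for automated patch suggestions. To strengthen methodological rigor, this review followed a registered protocol and PRISMA-based study selection, and it reports reproducible database searches (exact queries and search dates) and transparent screening decisions. We additionally assessed the quality and risk of bias of included studies using criteria tailored to AI-driven vulnerability research (dataset transparency, leakage control, evaluation rigor, reproducibility, and external validation), and we used these quality results to contextualize the synthesis. Our critical evaluation indicates that this area remains at an early stage and is characterized by significant gaps. The absence of standard benchmarks, limited generalizability of the models to various domains, and lack of adversarial testing are the obstacles that prevent adoption of these methods in real-world scenarios.
Furthermore, the research suggests that the black-box nature of most models poses a serious problem in terms of trust. Thus, XAI is quite pertinent in this context. This paper serves as a thorough guide for the evolution of AI-driven vulnerability management and indicates that next-generation AI systems should not only be more accurate but also transparent, robust, and generalizable.},
  pubstate   = {published},
  tppubtype  = {article},
}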
2025
Saleh, Taj; Ergin, Fatma Corut; Malkawi, Malek; Alhajj, Reda
Performance and Implementation Comparison of Knuth-Morris-Pratt and Boyer-Moore String Search Algorithms Proceedings Article
In: 2025 2nd International Conference on Advanced Innovations in Smart Cities (ICAISC), pp. 1-7, 2025.
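@inproceedings{10959692,
  author     = {Saleh, Taj and Ergin, Fatma Corut and Malkawi, Malek and Alhajj, Reda},
  title      = {Performance and Implementation Comparison of {Knuth-Morris-Pratt} and {Boyer-Moore} String Search Algorithms},
  booktitle  = {2025 2nd International Conference on Advanced Innovations in Smart Cities (ICAISC)},
  pages      = {1--7},
  year       = {2025},
  date       = {2025-02-01},
  doi        = {10.1109/ICAISC64594.2025.10959692},
  abstract   = {String search algorithms play an important role in many research areas such as data mining and bioinformatics. While there exist a number of algorithms that handles the topic, we are exploring the the Knuth-Morris-Pratt (KMP) and Boyer-Moore algorithms due to their efficiency and versatility. In this work, we compared the algorithms in terms of characteristics, performance and implementation details. We also tested both the algorithms with various patterns and texts that differs in size. We also analyzed the performance of the algorithms on 4 different processors to understand the technological advancements effects on their performance. Our findings suggest that the BM algorithm perform better with large texts and patterns, while the KMP algorithm is better suited for smaller ones. Also, while newer processor generally exhibit improved performance, the significance of these enhancements may vary. Thus, we should rather be looking specific architectural advancements within generations rather than focusing solely on the generational gap.},
  pubstate   = {published},
  tppubtype  = {inproceedings},
}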
Malkawi, Malek; Akrami, Yasamin; Kechaou, Safa; Alhajj, Reda
Multi-Client Scenario-Based Reverse Shell Attack Simulation Proceedings Article
In: 2025 9th International Symposium on Multidisciplinary Studies and Innovative Technologies (ISMSIT), pp. 1-5, 2025.
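@inproceedings{11267797,
  author     = {Malkawi, Malek and Akrami, Yasamin and Kechaou, Safa and Alhajj, Reda},
  title      = {Multi-Client Scenario-Based Reverse Shell Attack Simulation},
  booktitle  = {2025 9th International Symposium on Multidisciplinary Studies and Innovative Technologies (ISMSIT)},
  pages      = {1--5},
  year       = {2025},
  date       = {2025-01-01},
  doi        = {10.1109/ISMSIT67332.2025.11267797},
  pubstate   = {published},
  tppubtype  = {inproceedings},
}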
2024
Saleh, Taj; Malkawi, Malek; Elgammal, Ziad; Calayır, Arzu Kilitci; Alhajj, Reda
Scenario-Based Cross-Site Request Forgery (CSRF) Attack Simulation Proceedings Article
In: 2024 6th International Symposium on Advanced Electrical and Communication Technologies (ISAECT), pp. 1-5, 2024.
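@inproceedings{10799863,
  author     = {Saleh, Taj and Malkawi, Malek and Elgammal, Ziad and Calayır, Arzu Kilitci and Alhajj, Reda},
  title      = {Scenario-Based Cross-Site Request Forgery ({CSRF}) Attack Simulation},
  booktitle  = {2024 6th International Symposium on Advanced Electrical and Communication Technologies (ISAECT)},
  pages      = {1--5},
  year       = {2024},
  date       = {2024-12-01},
  doi        = {10.1109/ISAECT64333.2024.10799863},
  abstract   = {In the dynamic realm of technology, where new advancements consistently transform our online interactions, maintaining the security of web apps is crucial. This study explores the area of web security by investigating Cross-Site Request Forgery (CSRF) vulnerabilities in great detail. We untangle the complexities of CSRF attacks and highlight their possible risks and implications by using advanced simulations in a controlled environment. To carefully and correctly mimic CSRF attacks, the process entails creating a legitimate web application along with a malicious counterpart. The study carefully assesses the effectiveness of custom headers, SameSite cookie characteristics, and anti-CSRF tokens as defense strategies. In addition to its technological focus, the research emphasizes participant involvement’s ethical implications and stresses the significance of user safety. The results provide practical advice for developers and security experts to strengthen web apps in addition to furthering our theoretical understanding of CSRF issues. We show why there is a need for strong security measures to be put in place as soon as possible, acknowledge the ever-changing nature of cyber threats, and call for ongoing research to keep ahead of the curve in terms of protecting digital ecosystems. In conclusion, this study is an invaluable tool for understanding and resolving the urgent problems caused by CSRF vulnerabilities, demonstrating its importance in strengthening the security framework of our globalized digital society.},
  pubstate   = {published},
  tppubtype  = {inproceedings},
}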
Alayedi, Mohanad; Jaradat, Ahmad M.; Elgammal, Ziad; Malkawi, Malek
Performance Optimization of SAC-OCDMA Network Based on 2-D CS Code Utilizing Two Light Sources Proceedings Article
In: 2024 6th International Symposium on Advanced Electrical and Communication Technologies (ISAECT), pp. 1-6, 2024.
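@inproceedings{10799858,
  author     = {Alayedi, Mohanad and Jaradat, Ahmad M. and Elgammal, Ziad and Malkawi, Malek},
  title      = {Performance Optimization of {SAC-OCDMA} Network Based on {2-D} {CS} Code Utilizing Two Light Sources},
  booktitle  = {2024 6th International Symposium on Advanced Electrical and Communication Technologies (ISAECT)},
  pages      = {1--6},
  year       = {2024},
  date       = {2024-12-01},
  doi        = {10.1109/ISAECT64333.2024.10799858},
  abstract   = {This study introduces a novel 2-dimensional (2D) spectral/temporal code, termed 2D-cyclic shift (2D-CS) code, optimized for non-coherent Spectral Amplitude Coding Optical Code Division Multiple Access (SAC-OCDMA) systems. Computational results demonstrate that the 2D-CS code has fostered the SAC-OCDMA system’s performance whence spectral efficiency (SE), phase induced intensity noise (PIIN), and cardinality. Specifically, the 2D-CS code can increase cardinality by up to 117\%, 89\%, and 61\% compared to one-dimensional CS (1D-CS), 2D-multi service (2D-MS), and 2D-diluted perfect difference (2D-DPD) codes, respectively. The system’s performance was evaluated using Optisystem software, showing significant improvements in quality factor (QF) and bit error rate (BER) with LED and laser light sources for four active users at 115 dBm transmitted power and 20,000 m distance.},
  pubstate   = {published},
  tppubtype  = {inproceedings},
}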
2023
Malkawi, Malek; Alhajj, Reda
Real-time web-based International Flight Tickets Recommendation System via Apache Spark Proceedings Article
In: 2023 IEEE 24th International Conference on Information Reuse and Integration for Data Science (IRI), pp. 279-282, 2023, ISSN: 2835-5776.
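@inproceedings{10229425,
  author     = {Malkawi, Malek and Alhajj, Reda},
  title      = {Real-time web-based International Flight Tickets Recommendation System via {Apache Spark}},
  booktitle  = {2023 IEEE 24th International Conference on Information Reuse and Integration for Data Science (IRI)},
  pages      = {279--282},
  year       = {2023},
  date       = {2023-08-01},
  doi        = {10.1109/IRI58017.2023.00055},
  issn       = {2835-5776},
  abstract   = {Traveling by airplane has become more popular with advanced technology. The tickets can be booked effortlessly via airlines corporation’s online platforms. However, recommending the best airline ticket according to the buyer’s demands is a challenging task owing to the unexpected fluctuations in the price depending on various reasons. Traditional recommender suggestions are optimized for predicting the price for a specific time or estimating the period of the lowest price. However, considering the sudden changes is an essential matter to increase the accuracy. In this work, we present a web-based real-time system to recommend the most suitable ticket regardless of the continuous changes in the prices. Apache Spark has been used to analyze the data obtained from the international airline web pages. Besides the ease of use of the system, it helps the customer to buy the flight ticket at the lowest price for the desired period and destination. Based on the proposed model, using Python programming language, Flask web server, and Apache Spark, we design and implement the international ticket recommendation system with the MVC design pattern.},
  pubstate   = {published},
  tppubtype  = {inproceedings},
}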
Malkawi, Malek; Alhajj, Reda
Parallelized Cyber Reconnaissance Automation: A Real-Time and Scheduled Security Scanner Book Chapter
In: Özyer, Sibel Tarıyan; Kaya, Buket (Ed.): Cyber Security and Social Media Applications, pp. 29–54, Springer Nature Switzerland, Cham, 2023, ISBN: 978-3-031-33065-0.
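@inbook{Malkawi2023,
  author     = {Malkawi, Malek and Alhajj, Reda},
  editor     = {Özyer, Sibel Tarıyan and Kaya, Buket},
  title      = {Parallelized Cyber Reconnaissance Automation: A Real-Time and Scheduled Security Scanner},
  booktitle  = {Cyber Security and Social Media Applications},
  pages      = {29--54},
  publisher  = {Springer Nature Switzerland},
  address    = {Cham},
  year       = {2023},
  date       = {2023-01-01},
  doi        = {10.1007/978-3-031-33065-0_2},
  url        = {https://doi.org/10.1007/978-3-031-33065-0_2},
  isbn       = {978-3-031-33065-0},
  abstract   = {The extraordinary advancement of technology has increased the importance of achieving the required level of information security, which is still difficult to achieve. Recently, network and web application attacks have become more common, causing confidential data to be stolen by exploiting system vulnerabilities. The CIA Triad Model is broken as a result of this. In this work, with the aim of relieving real-world concerns, we present an enhanced schema for the first feature of the security engine we proposed in the previous paper. It is an automated security scanner based on parallelization for the active information-gathering phase. It supports real-time and scheduled system scans in parallel in the phase of active information gathering based on RESTful API allowing easy integration for real-life cases. With the integration of the message-broker software (RabbitMQ) that originally implemented the advanced message queuing protocol (AMQP), the user has the ability to create instant customized scans and check the related results. These features depend on Celery workers using asynchronous task queue which is reliant on distributed message passing to perform multiprocessing and concurrent execution of tasks. The system can be used by penetration testers, IT departments, and system administrators to monitor their system and grant high security and instant alarms in critical threats. An automated IP and port scanning, service-version enumeration, and security vulnerabilities detection system are the core of the proposed scheme project. The accuracy and efficiency of this technique have been demonstrated through a variety of test cases based on real-world events. The average time of scanning a server and detecting the vulnerabilities has been enhanced by 22.73\% to become 1.7 minutes instead of 2.2 minutes. Similarly, the improvement ratio for run time, elapsed time and vulnerability detection are 20.40, 90.80, and 7.70\% respectively.},
  pubstate   = {published},
  tppubtype  = {inbook},
}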
2022
Malkawi, Malek; Özyer, Tansel; Alhajj, Reda
Automation of active reconnaissance phase: an automated API-based port and vulnerability scanner Proceedings Article
In: Proceedings of the 2021 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, pp. 622–629, Association for Computing Machinery, Virtual Event, Netherlands, 2022, ISBN: 9781450391283.
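@inproceedings{10.1145/3487351.3492720,
  author     = {Malkawi, Malek and Özyer, Tansel and Alhajj, Reda},
  title      = {Automation of active reconnaissance phase: an automated {API}-based port and vulnerability scanner},
  booktitle  = {Proceedings of the 2021 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining},
  series     = {ASONAM '21},
  pages      = {622--629},
  publisher  = {Association for Computing Machinery},
  address    = {Virtual Event, Netherlands},
  year       = {2022},
  date       = {2022-01-01},
  doi        = {10.1145/3487351.3492720},
  url        = {https://doi.org/10.1145/3487351.3492720},
  isbn       = {9781450391283},
  abstract   = {The unprecedented growth in technology has increased the importance of the required information security that is still hard to be reached. Recently, network and web application attacks have occurred frequently, causing confidential data to be stolen by the available vulnerabilities in the systems and the most prominent is in the form of open ports. This causes the CIA (Confidentiality Integrity and Availability) Triad Model to break. Penetration testing is one of the key techniques used in real life to accurately detect the possible threats and potential attacks against the system, and the first step for hackers to conduct attacks is information collection. In this paper, we present a useful schema for the active information-gathering phase that can be used during penetration testing and by system administrators. It will be the first feature of a security engine going to be implemented. The work involves an automated API-based IP and port scanner, service-version enumerator, and vulnerability detection system. This scheme is based on the Network Mapper (Nmap) to collect the information with high accuracy depending on the provided rules in our schema. Besides, the work has been implemented as a RESTful-API server, aiming at easy integration for real-life cases and allowing administrators to scan and secure their networks more quickly and easily. The effectiveness and efficiency of this technique has been proved by the various test cases applied considering different scenarios from the real world. The average time of scanning a server and detecting the vulnerabilities is 2.2 minutes. Regardless of the number of vulnerabilities, the increase in time for each open port is just about 12 seconds.},
  pubstate   = {published},
  tppubtype  = {inproceedings},
}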
