
Akbar Siami NaminTexas Tech University | TTU · Department of Computer Science
Akbar Siami Namin
About
174
Publications
63,469
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
5,040
Citations
Introduction
Skills and Expertise
Publications
Publications (174)
As an intriguing case is the goodness of the machine and deep learning models generated by these LLMs in conducting automated scientific data analysis, where a data analyst may not have enough expertise in manually coding and optimizing complex deep learning models and codes and thus may opt to leverage LLMs to generate the required models. This pa...
In machine learning class imbalance is a pressing issue, where the model is biased towards the majority classes and underperforms in the minority classes. In textual data, the natural language processing (NLP) model bias significantly reduces overall accuracy, along with poor performance in minority classes. This paper investigates and compares the...
The existing literature on forecasting time series data is primarily based on univariate analysis and techniques such as Univariate Autoregressive (UAR), Univariate Moving Average (UMA), Simple Exponential Smoothing (SES), deep learning models, and, most notably, univariate Long Short-Term Memory (LSTM) built based on univariate variable where the...
Purpose
This study aimed to investigate how honest participants perceived an attacker to be during shoulder surfing scenarios that varied in terms of which Principle of Persuasion in Social Engineering (PPSE) was used, whether perceived honesty changed as scenarios progressed, and whether any changes were greater in some scenarios than others.
Des...
Large language models (LLMs) have attracted considerable attention as they are capable of showcasing impressive capabilities generating comparable high-quality responses to human inputs. LLMs, can not only compose textual scripts such as emails and essays but also executable programming code. Contrary, the automated reasoning capability of these LL...
Smart Contracts (SCs) communicate with each other using external calls. Their interactions can be malicious, resulting in the loss of Ether. One can blame the reentrancy attack for this exploitation. Several previous endeavors detected the reentrancy vulnerability by creating testing tools using static analysis like Remix. However, these approaches...
Ethereum Blockchain technology introduced a competitive environment in the financial sector. Consequently, new technologies emerged, such as Smart Contracts (SCs), which preclude code corrections due to their immutable nature. But the incorrect and faulty uploaded SCs led to uninvited penetrations into SCs’ accounts, resulting in considerable custo...
Federated learning is a decentralized machine learning paradigm that allows multiple clients to collaborate by leveraging local computational power and the models transmission. This method reduces the costs and privacy concerns associated with centralized machine learning methods while ensuring data privacy by distributing training data across hete...
The Internet of Things (IoT) is a network of sensors that helps collect data 24/7 without human intervention. However, the network may suffer from problems such as the low battery, heterogeneity, and connectivity issues due to the lack of standards. Even though these problems can cause several performance hiccups, security issues need immediate att...
Cyber-attacks are a continuing problem. These attacks are problematic for users who are visually impaired and cannot rely on visual cues to indicate a potential cyber-attack. Sonification is an alternative way to help users who are visually impaired detect potential cyber-attacks. Sonification provides information to users using non-speech sounds....
Auditory icons are naturally occurring sounds that systems play to convey information. Systems must convey complex messages. To do so, systems can play: 1) a single sound that represents the entire message, or 2) a single sound that represents the first part of the message, followed by another sound that represents the next part of that message, et...
Anomaly detection in time-series data is an integral part in the context of the Internet of Things (IoT). In particular, with the advent of sophisticated deep and machine learning-based techniques, this line of research has attracted many researchers to develop more accurate anomaly detection algorithms. The problem itself has been a long-lasting c...
The coronavirus pandemic has already caused plenty of severe problems for humanity and the economy. The exact impact of the COVID-19 pandemic is still unknown, and economists and financial advisers are exploring all possible scenarios to mitigate the risks arising from the pandemic. An intriguing question is whether this pandemic and its impacts ar...
Purpose
Nonexperts do not always follow the advice in cybersecurity warning messages. To increase compliance, it is recommended that warning messages use nontechnical language, describe how the cyberattack will affect the user personally and do so in a way that aligns with how the user thinks about cyberattacks. Implementing those recommendations r...
The use of metaphor in cybersecurity discourse has become a topic of interest because of its ability to aid communication about abstract security concepts. In this paper, we borrow from existing metaphor identification algorithms and general theories to create a lightweight metaphor identification algorithm, which uses only one external source of k...
Cyber-defenders must account for users’ perceptions of attack consequence severity. However, research has yet to investigate such perceptions of a wide range of cyber-attack consequences. Thus, we had users rate the severity of 50 cyber-attack consequences. We then analyzed those ratings to a) understand perceived severity for each consequence, and...
This paper presents
ContextMiner
, a novel natural language processing (NLP) framework to automatically capture contextual features for the purpose of extracting meaningful context-aware phrases from cybersecurity unstructured textual data. The framework utilizes basic attributes such as
part-of-speech
tagging, dependency parsing, and a domain-...
Malicious applications are usually comprehended through two major techniques, namely static and dynamic analyses. Through static analysis, a given malicious program is parsed, and some representative artifacts (e.g., control-flow graphs) are produced without any execution; whereas, the given malicious application needs to be executed when conductin...
It is important to comprehend the attacker’s behavior and capacity in order to build a stronger fortress and thus be able to protect valuable assets more effectively. Prior to launching technical and physical attacks, an attacker may enter the reconnaissance stage and gather sensitive information. To collect such valuable data, one of the most effe...
The Internet of Things (IoT) has already changed our daily lives by integrating smart devices together towards delivering high quality services to its clients. These devices when integrated together form a network through which massive amount of data can be produced, transferred, and shared. A critical concern is the security and integrity of such...
There exist several data-driven approaches that enable us model time series data including traditional regression-based modeling approaches (i.e., ARIMA). Recently, deep learning techniques have been introduced and explored in the context of time series analysis and prediction. A major research question to ask is the performance of these many varia...
The Hierarchical Max-pooling models (HMAX) have demonstrated excellent outperformance when integrated with various computer vision algorithms for the purpose of recognizing objects in images. However, the conventional HMAX model has two main problems: 1) it is computationally expensive to learn base matrixes, especially at layer S2 (matching layer)...
Sonification is the utilization of sounds to convey information about data or events. There are two types of emotions associated with sounds: (1) “perceived” emotions, in which listeners recognize the emotions expressed by the sound, and (2) “induced” emotions, in which listeners feel emotions induced by the sound. Although listeners may widely agr...
Many security problems in software systems are because of vulnerabilities caused by improper configurations. A poorly configured software system leads to a multitude of vulnerabilities that can be exploited by adversaries. The problem becomes even more serious when the architecture of the underlying system is static and the misconfiguration remains...
Phishing emails have certain characteristics, including wording related to urgency and unrealistic promises (i.e., “too good to be true”), that attempt to lure victims. To test whether these characteristics affected users’ suspiciousness of emails, users participated in a phishing judgment task in which we manipulated 1) email type (legitimate, phi...
Phishing attack countermeasures have previously relied on technical solutions or user training. As phishing attacks continue to impact users resulting in adverse consequences, mitigation efforts may be strengthened through an understanding of how user characteristics predict phishing susceptibility. Several studies have identified factors of intere...
Due to its complexity, designing digital forensics curriculum can be quite challenging. This paper describes how authors used experiential learning theory to design and teach digital forensics in post-secondary education settings. Furthermore, drawing on survey data collected from students at the end of a graduate level digital forensics course and...
This paper reports a formative evaluation of auditory representations of cyber security threat indicators and cues, referred to as sonifications, to warn users about cyber threats. Most Internet browsers provide visual cues and textual warnings to help users identify when they are at risk. Although these alarming mechanisms are very effective in in...
To combat phishing, system messages warn users of suspected phishing attacks. However, users do not always comply with warning messages. One reason for non-compliance is that warning messages contradict how users think about phishing threats. To increase compliance, warning messages should align with user perceptions of phishing threat risks. How u...
To understand how end-users conceptualize consequences of cyber security attacks, we performed a card sorting study, a well-known technique in Cognitive Sciences, where participants were free to group the given consequences of chosen cyber attacks into as many categories as they wished using rationales they see fit. The results of the open card sor...
It is important to predict any adversarial attacks and their types to enable effective defense systems. Often it is hard to label such activities as malicious ones without adequate analytical reasoning. We propose the use of Hidden Markov Model (HMM) to predict the family of related attacks. Our proposed model is based on the observations often agg...
The Web spam identification problem can be modeled as an instance of the conventional classification problem. Web spams aim at deceiving web crawlers by advertising certain Web pages through elevation of their page rankings superficially than their actual weights. Web spams are intended to produce fraudulent results of web search queries and degene...
Objective:
To understand how aspects of vishing calls (phishing phone calls) influence perceived visher honesty.
Background:
Little is understood about how targeted individuals behave during vishing attacks. According to truth-default theory, people assume others are being honest until something triggers their suspicion. We investigated whether...
We aimed to understand whether warning message design recommendations address the reasons why non-experts choose to not protect themselves from cybersecurity threats. Toward that end, we synthesized literature to investigate why non-experts choose to not protect themselves, and catalog design recommendations aimed at influencing how non-experts thi...
We aimed to understand whether warning message design recommendations address the reasons why non-experts choose to not protect themselves from cybersecurity threats. Toward that end, we synthesized literature to investigate why non-experts choose to not protect themselves, and catalog design recommendations aimed at influencing how non-experts thi...
Smart contract (SC) is an extension of BlockChain technology. Ethereum BlockChain was the first to incorporate SC and thus started a new era of crypto-currencies and electronic transactions. Solidity helps to program the SCs. Still, soon after Solidity's emergence in 2014, Solidity-based SCs suffered many attacks that deprived the SC account holder...
The problem of detecting phishing emails through machine learning techniques has been discussed extensively in the literature. Conventional and state-of-the-art machine learning algorithms have demonstrated the possibility of building classifiers with high accuracy. The existing research studies treat phishing and genuine emails through general ind...
It is important and informative to compare and contrast major economic crises in order to confront novel and unknown cases such as the COVID-19 pandemic. The 2006 Great Recession and then the 2019 pandemic have a lot to share in terms of unemployment rate, consumption expenditures, and interest rates set by Federal Reserve. In addition to quantitat...
Purpose
This study aims to examine how social engineers use persuasion principles during vishing attacks.
Design/methodology/approach
In total, 86 examples of real-world vishing attacks were found in articles and videos. Each example was coded to determine which persuasion principles were present in that attack and how they were implemented, i.e....
Sonification is the science of communication of data and events to users through sounds. Auditory icons, earcons, and speech are the common auditory display schemes utilized in sonification, or more specifically in the use of audio to convey information. Once the captured data are perceived, their meanings, and more importantly, intentions can be i...
It is important and informative to compare and contrast major economic crises in order to confront novel and unknown cases such as the COVID-19 pandemic. The 2006 Great Recession and then the 2019 pandemic have a lot to share in terms of unemployment rate, consumption expenditures, and interest rates set by Federal Reserve. In addition to quantitat...
Cyber-physical systems posit a complex number of security challenges due to interconnection of heterogeneous devices having limited processing, communication, and power capabilities. Additionally, the conglomeration of both physical and cyber-space further makes it difficult to devise a single security plan spanning both these spaces. Cyber-securit...
More specialized cybersecurity education programs are needed to address workforce needs, but it is unclear which knowledge, skills, and abilities (KSAs) fulfil industry needs. We interviewed 48 professionals within four cyber defense specialty areas: (1) Cyber Network Defense Analysis, (2) Cyber Network Defense Infrastructure Support, (3) Incident...
The increasing adoption of cloud computing is making operating environments highly dynamic and changing. Once an operating environment condition (e.g., geographical location of data) changes, the compliance requirements might also change. To ensure that compliance requirements are continuously met, there is a need for frameworks that not only suppo...
Online reviews play an integral part for success or failure of businesses. Prior to purchasing services or goods, customers first review the online comments submitted by previous customers. However, it is possible to superficially boost or hinder some businesses through posting counterfeit and fake reviews. This paper explores a natural language pr...
This paper proposes to use Fast Fourier Transformation-based U-Net (a refined fully convolutional networks) and perform image convolution in neural networks. Leveraging the Fast Fourier Transformation, it reduces the image convolution costs involved in the Convolutional Neural Networks (CNNs) and thus reduces the overall computational costs. The pr...
We present an exploratory study of responses from $75$ security professionals and ethical hackers in order to understand how they abuse cloud platforms for attack purposes. The participants were recruited at the Black Hat and DEF CON conferences. We presented the participants' with various attack scenarios and asked them to explain the steps they w...
Cloud computing offers users scalable platforms and low resource cost. At the same time, the off-site location of the resources of this service model makes it more vulnerable to certain types of adversarial actions. Cloud computing has not only gained major user base, but also, it has the features that attackers can leverage to remain anonymous and...
Customers represent their satisfactions of consuming products by sharing their experiences through the utilization of online reviews. Several machine learning-based approaches can automatically detect deceptive and fake reviews. Recently, there have been studies reporting the performance of ensemble learning-based approaches in comparison to conven...
Mainstream software applications and tools are the configurable platforms with an enormous number of parameters along with their values. Certain settings and possible interactions between these parameters may harden (or soften) the security and robustness of these applications against some known vulnerabilities. However, the large number of vulnera...
We present a novel idea on adequacy testing called ``{vulnerability coverage}.'' The introduced coverage measure examines the underlying software for the presence of certain classes of vulnerabilities often found in the National Vulnerability Database (NVD) website. The thoroughness of the test input generation procedure is performed through the ad...
The performance of coverage-based fault localization greatly depends on the quality of test cases being executed. These test cases execute some lines of the given program and determine whether the underlying tests are passed or failed. In particular, some test cases may be well-behaved (i.e., passed) while executing faulty statements. These test ca...