Ali A. Ghorbani
  • University of New Brunswick

About

356 Publications
256,005 Reads
24,438 Citations
Current institution: University of New Brunswick

Publications (356)
Preprint
Full-text available
Interpretable malware detection is crucial for understanding harmful behaviors and building trust in automated security systems. Traditional explainable methods for Graph Neural Networks (GNNs) often highlight important regions within a graph but fail to associate them with known benign or malicious behavioral patterns. This limitation reduces thei...
Preprint
Full-text available
Control Flow Graphs (CFGs) are critical for analyzing program execution and characterizing malware behavior. With the growing adoption of Graph Neural Networks (GNNs), CFG-based representations have proven highly effective for malware detection. This study proposes a novel framework that dynamically constructs CFGs and embeds node features using a...
Preprint
Full-text available
The rapid evolution of malware has necessitated the development of sophisticated detection methods that go beyond traditional signature-based approaches. Graph learning techniques have emerged as powerful tools for modeling and analyzing the complex relationships inherent in malware behavior, leveraging advancements in Graph Neural Networks (GNNs)...
Article
Full-text available
Highlights. What are the main findings? Simplification of several complex theoretical attacks on DNP3 shows they can be executed with simpler methods, such as bypassing IP allow-list restrictions using ARP spoofing and dynamic NAT table modifications. Practical implementation of man-in-the-middle attacks demonstrated the ability to bypass IP allow-l...
Preprint
Full-text available
Control Flow Graphs and Function Call Graphs have become pivotal in providing a detailed understanding of program execution and effectively characterizing the behavior of malware. These graph-based representations, when combined with Graph Neural Networks (GNN), have shown promise in developing high-performance malware detectors. However, challenge...
Article
Full-text available
In the era of rapidly expanding graph-based applications, efficiently managing large-scale graphs has become a critical challenge. This paper introduces an innovative graph reduction technique, Node-Centric Pruning (NCP), designed to simplify complex graphs while preserving their essential structural properties, thereby enhancing the scalability an...
Article
Alongside social media platforms’ rise in popularity, fake news circulation has increased, highlighting the need for more practical methods to detect this phenomenon. The constantly evolving format of fake news makes it difficult for approaches that rely on a single modality of news to generalize the different types of false news. Furthermore, earl...
Preprint
Full-text available
The Industrial Internet of Things (IIoT) is a transformative paradigm that integrates smart sensors, advanced analytics, and robust connectivity within industrial processes, enabling real-time data-driven decision-making and enhancing operational efficiency across diverse sectors, including manufacturing, energy, and logistics. IIoT is susceptible...
Preprint
Full-text available
The rapid adoption of electric vehicles (EVs) is fundamentally transforming the automotive industry, prompting a surge in the installation of charging stations to accommodate the growing number of EVs and enhance overall mobility and user experience. Efforts to conduct machine learning-based cybersecurity research and develop solutions to address t...
Article
Full-text available
This research addresses a critical need in the ongoing battle against malware, particularly in the form of obfuscated malware, which presents a formidable challenge in the realm of cybersecurity. Developing effective antivirus (AV) solutions capable of combating packed malware remains a crucial endeavor. Packed malicious programs employ encryption...
Preprint
Full-text available
This work aims to provide both privacy and utility within a split learning framework while considering both forward attribute inference and backward reconstruction attacks. To address this, a novel approach has been proposed, which makes use of class activation maps and autoencoders as a plug-in strategy aiming to increase the user's privacy and de...
Article
As the Internet of Things (IoT) landscape continues to expand, a diverse range of devices with various functionalities is being integrated into the IoT ecosystem. When traditional systems, which involve human interaction, are replaced by devices, it becomes crucial to upgrade the conventional authorization and authentication mechanisms. Traditional...
Article
Full-text available
The Smart Grid is a cyber-integrated power grid that manages electricity generation, transmission, and distribution to consumers and central to its functioning is the substation. However, integrating cyber-infrastructure into the substation has increased its attack surface. Notably, sophisticated attacks such as the PipeDream APT exploit multiple d...
Article
The Internet of Things (IoT) is transforming society by connecting businesses and optimizing systems across industries. Its impact has been felt in healthcare, where it has the potential to revolutionize medical treatment. Conversely, healthcare systems are targeted by attackers and security threats. Malicious activities against such systems intend...
Article
Full-text available
Nowadays, the Internet of Things (IoT) concept plays a pivotal role in society and brings new capabilities to different industries. The number of IoT solutions in areas such as transportation and healthcare is increasing and new services are under development. In the last decade, society has experienced a drastic increase in IoT connections. In fac...
Preprint
Full-text available
Automatic detection of fake content in social media such as Twitter is an enduring challenge. Technically, determining fake news on social media platforms is a straightforward binary classification problem. However, manually fact-checking even a small fraction of daily tweets would only be possible due to the sheer volume of daily tweets. To addr...
Preprint
Full-text available
Automatic detection of fake content in social media such as Twitter is an enduring challenge. Technically, determining fake news on social media platforms is a straightforward binary classification problem. However, manually fact-checking even a small fraction of daily tweets would only be possible due to the sheer volume of daily tweets. To addr...
Preprint
Full-text available
Nowadays, the Internet of Things (IoT) concept plays a pivotal role in society and brings new capabilities to different industries. The number of IoT solutions in areas such as transportation and healthcare is increasing and new services are under development. In the last decade, society has experienced a drastic increase in IoT connections. In fact,...
Article
Zigbee is a well-known wireless network communications protocol designed specifically for low-cost, low-power, low-rate IoT devices, networks and applications. It has become one of the most famous IoT solutions for its smart home devices and appliances. Like every other technology, Zigbee is susceptible to different security vulnerabilities, regard...
Article
Nowadays, connected vehicles have a major role in enhancing the driving experience. Connected vehicles in the network share their knowledge with the help of the network known as the Internet of Vehicles (IoV). However, connection through the network comes with risks ranging from privacy concerns to security vulnerabilities in the network. Inside ve...
Article
Despite the potential deep learning (DL) algorithms have shown, their lack of transparency hinders their widespread application. Extracting if-then rules from deep neural networks is a powerful explanation method to capture nonlinear local behaviors. However, existing rule extraction methods suffer from inefficiency, incomprehensibility, infidelity...
Article
Full-text available
The increasing use or abuse of online personal data leads to a big data breach challenge for individuals, businesses, and even the government. Due to the scale of online data and the uncertainty of human factors, it is not feasible to build a practical prevention approach for data breach incidents in a real-time manner. In addition, despite the exi...
Article
With the fast and extensive development of computer vision techniques, multimodal analyses are utilized more frequently for online fake news detection. To better understand the image–text relationship and its role in fake news detection, in this article, we proposed and evaluated four image–text similarities, namely, textual similarity, semantic si...
Article
The lack of appropriate cyber security measures deployed on IoT makes these devices prone to security issues. Consequently, the timely identification and detection of these compromised devices become crucial. Machine learning (ML) models which are used to monitor devices in a network have made tremendous strides. However, most of the research in pr...
Conference Paper
Full-text available
With the increased usage of Internet of Things (IoT) devices in recent years, various Machine Learning (ML) algorithms have also developed dramatically for attack detection in this domain. However, the ML models are exposed to different classes of adversarial attacks that aim to fool a model into making an incorrect prediction. For instance, label...
Preprint
Full-text available
A network intrusion detection system is an essential part of network security research. It detects intrusion behaviors through active defense technology and takes emergency measures such as alerting and terminating intrusions. To this end, with the rapid development of learning technology, various machine-learning-based and deep-learning-based appr...
Article
As part of the incident response process, the memory forensics tools extract forensic artifacts and display them. Many memory forensics analysis tools are being developed to address the challenges of modern cybercrimes. Investigations are successful when they have an accurate analysis provided by a memory forensics tool that consumes resources reas...
Article
Full-text available
A compromised Smart Grid, or its components, can have cascading effects that can affect lives. This has led to numerous cybersecurity-centric studies focusing on the Smart Grid in research areas such as encryption, intrusion detection and prevention, privacy and trust. Even though trust is an essential component of cybersecurity research; it has no...
Data
This is my improved version of CIC-DoS2017. I do recommend using my improved version of the full CIC-NIDS collection rather than this individual dataset. It contains no metadata features, no duplicate samples, no samples with missing values and it is stored with optimized data types, significantly cutting down on storage requirements. This upload m...
Article
Bitcoin mining is the process of generating new blocks in the Bitcoin blockchain. This process is vulnerable to different types of attacks. One of the most famous attacks in this category is selfish mining. This attack is essentially a strategy that a sufficiently powerful mining pool can follow to obtain more revenue than its fair share. The reaso...
Article
Full-text available
The advances of Internet of Things (IoT) have had a fundamental impact and influence on shaping our rich living experiences. However, since IoT devices are usually resource-constrained, lightweight block ciphers have played a major role in serving as a building block for secure IoT protocols. In CHES 2015, SIMECK, a family of block ciphers, was de...
Article
Full-text available
The proliferation of heterogeneous Internet of things (IoT) devices connected to the Internet produces several operational and security challenges, such as monitoring, detecting, and recognizing millions of interconnected IoT devices. Network and system administrators must correctly identify which devices are functional, need security updates, or a...
Article
Full-text available
Android has become the target of attackers because of its popularity. The detection of Android mobile malware has become increasingly important due to its significant threat. Supervised machine learning, which has been used to detect Android malware is far from perfect because it requires a significant amount of labeled data. Since labeled data is...
Conference Paper
Full-text available
The intrusion detection systems are a critical component of any cybersecurity infrastructure. With the increase in speed and density of network traffic, the intrusion detection systems are incapable of efficiently detecting these attacks. During recent years, deep neural networks have demonstrated their performance and efficiency in several machine...
Article
Full-text available
The last decade has witnessed an unprecedented growth in online multimedia data. However, the manipulated and fake images have created fertile grounds for sowing online fake news. Consequently, online fact-checking has drawn more attention from academia and industry to detect and mitigate online fake news. Nevertheless, most of the online fact-chec...
Article
Full-text available
Quantum key distribution, in principle, provides information-theoretic security based on the laws of quantum mechanics. Entanglement swapping offers a unique ability to create entanglement between qubits that have not previously interacted. Entanglement-swapping setup helps in building a side-channel-free Quantum key distribution. A receiver-device...
Article
Full-text available
The increasing use or abuse of online personal data leads to a big data breach challenge for individuals, businesses, and even the government. Due to the scale of online data and the uncertainty of human factors, it is not feasible to build a practical prevention approach for data breach incidents in a real-time manner. In addition, despite the exi...
Article
Researchers have already observed social contagion effects in both in-person and online interactions. However, such studies have primarily focused on users’ beliefs, mental states, and interests. In this article, we expand the state of the art by exploring the impact of social contagion on social alignment, i.e., whether the decision to socially al...
Conference Paper
Full-text available
In the past few years, there has been an exponential growth in network and Internet traffic. This trend will continue to increase due to digitalization and resulting in more inter-connectivity among the users. Due to this, more data has started being treated as streaming data. This data distribution, mostly non-stationary, high-speed, and infinite...
Article
Digital investigators need to evaluate their existing counter-anti-forensic tools to assess the reliability of their tools against attackers' anti-forensic tools. The evaluation enables them to choose more reliable defensive strategies against the attackers. Game-theoretic algorithms simulate the interactions that happen between an attacker and an...
Article
Mobile crowdsensing (MCS) is a newly emerged sensing paradigm, where a large group of mobile workers collectively sense and share data for real-time services. However, one major problem that hinders the further development of MCS is the potential leakage of workers’ data privacy. In this article, we integrate federated learning (FL) with MCS and in...
Article
Full-text available
Worker selection is always one of the most fundamental problems in Mobile Crowdsensing (MCS), since the reliability of workers’ sensing data is hugely significant to the service quality. In the worker selection process, it is inevitable for the workers to share some of their sensitive information. Consequently, numerous studies are conducted on the...
Article
Over recent years, the development of online social media has dramatically changed the way people connect and share information. It is undeniable that social platform has promoted the quickest type of spread for fake stories. Almost all the current online fact-checking sources and researches are concentrating on the validating political content and...
Chapter
Over recent years, the extensive development of information technology has dramatically advanced the way that people use the internet. The fast growth of the internet of things and mobile crowdsensing applications raise challenging security and privacy issues for the society. More often than before, malicious attackers exploit human vulnerability a...
Article
Social interactions through online social media have become a daily routine of many, and the number of those whose real world (offline) and online lives have become intertwined is continuously growing. As such, the interplay of individuals' online and offline activities has been the subject of numerous research studies, the majority of which explor...
Article
Full-text available
While encryption is powerful at protecting information, it critically relies upon the mystery/private cryptographic key’s security. Poor key management would compromise any robust encryption algorithm. In this way, securing information is reduced to the issue of securing such keys from unauthorized access. In this work, KeyShield is proposed, a sca...
Patent
Full-text available
Systems and methods are provided for determining the security risk associated with one or more users of a computer network. Users are monitored over time to build security related profiles which are employed to assess the risk they impose on the network. The user profiles, which may be computed as online and network user profiles for each user, a...
Article
Full-text available
Malicious online advertisement detection has attracted increasing attention in recent years in both academia and industry. The existing advertising blocking systems are vulnerable to the evolution of new attacks and can cause time latency issues by analyzing web content or querying remote servers. This article proposes a lightweight detection syste...
Preprint
Full-text available
Blockchain-based applications provide many promising opportunities to overcome the challenges associated with the Internet of Things (IoT) ecosystems (e.g., centralized architecture, data integrity, and reliability). In particular, blockchain technology offers many desirable features for IoT infrastructures, such as decentralization, trustworthiness,...
Preprint
Full-text available
The advances of the Internet of Things (IoT) have had a fundamental impact and influence in shaping our rich living experiences. However, since IoT devices are usually resource-constrained, lightweight block ciphers have played a major role in serving as a building block for secure IoT protocols. In CHES 2015, SIMECK, a family of block ciphers, wa...
Article
Full-text available
With the advances in computing powers and increasing volumes of data, deep learning’s emergence has helped revitalize artificial intelligence research. There is a growing trend of applying deep learning techniques to image processing, speech recognition, self-driving cars, and even health-care. Recently, several deep learning models have been emplo...
Article
Full-text available
The rapid advance of Internet of Things (IoT) has enabled a new paradigm of sensing network, i.e., Mobile Crowdsensing (MCS). Primarily, in MCS systems, a crowd of participating mobile users, namely workers, are allocated by the MCS platforms to outsource their sensory data for specific tasks. Obviously, the reliability of workers and the trustabil...
Article
Forensic science aims to present evidence in the courtroom, in a forensically sound manner. Therefore, forensic procedures must guarantee the provability, admissibility, accuracy, and authenticity of the case's evidence. However, anti-forensics threaten forensic procedures by forging, hiding, and even modifying remaining evidence in a crime scene....
Article
The advance of Internet of Things (IoT) techniques has promoted an increasing number of organizations to explore more mission-critical solutions. However, the response latency, bandwidth usage, and reliability are still challenging issues in traditional IoT. To tackle these challenges, fog-based IoT has become popular and range query is one of the...
Chapter
Over recent years, the extensive development of information technology has dramatically advanced the way that people use the internet. The fast growth of the internet of things and mobile crowdsensing applications raise challenging security and privacy issues for the society. More often than before, malicious attackers exploit human vulnerability a...
Chapter
System logs are one of the most important sources of information for anomaly and intrusion detection systems. In a general log-based anomaly detection system, network, devices, and host logs are all collected and used together for analysis and the detection of anomalies. However, the ever-increasing volume of logs remains as one of the main challen...
Article
Full-text available
Fog-enhanced IoT (Internet of Things) is a fast-growing technology in which many firms and industries are currently investing to develop their own real-time and low latency scenarios. Compared with the traditional IoT, fog-enhanced IoT can offer a higher level of efficiency and stronger security by providing local data pre-processing, filtering, an...
Article
The ever increasing presence of online social networks in users’ daily lives has led to the interplay between users’ online and offline activities. There have already been several works that have studied the impact of users’ online activities on their offline behavior, e.g., the impact of interaction with friends on an exercise social network on th...
