Mohammad Mehdi Ahmadian

Mohammad Mehdi Ahmadian
Amirkabir University of Technology | TUS · Department of Computer Engineering and Information Technology

PhD Candidate


How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
M. Mehdi Ahmadian is a Ph. D. candidate for information security in the Department of Computer Engineering and Information Technology of Amirkabir University of Technology, Tehran, Iran. He received his B.S. degree in computer engineering in 2012 and his M.S. degree in information security in 2015. His research focused on computer and network security, industrial control systems security, and cyber-physical systems security.


Publications (8)
Full-text available
In these years, one of the challenges I faced in compiling reports, presentations, and lectures was the lack of aphorism and quotes in cybersecurity. Quotes and meaningful but straightforward lessons could help the narrator to be concise but convey the meaning thoroughly. Generally, lessons use parables and examples a lot. Once Albert Einstein said...
In recent years, the number of cyber-physical incidents in industrial control systems (ICSs) has increased. Providing a framework for ICS threat intelligence is of utmost importance because of the critical role of ICSs in the nations' critical infrastructures. In this paper, after a short review of various threats and security incidents’ taxonomies...
Full-text available
Since the first sample of ransomware got publicly available among anti-malware industry community, until now we can observe an exponential growth of species especially recently. During recent years, ransomware field research papers focused on both detection and prevention techniques, though each of which has some drawbacks such as not considering t...
Conference Paper
Full-text available
Nowadays, hybrid cryptosystem ransomware, as well as botnets, utilize domain-generation algorithms to communicate with the command and control (C&C) server to exchange public key and perform their malicious actions. We present an approach for detecting domain-generation-algorithm-based ransomware for the first time. By running instances of this typ...
Conference Paper
Ransomwares have become a growing threat since 2012, and the situation continues to worsen until now. The lack of security mechanisms and security awareness are pushing the systems into mire of ransomware attacks. In this paper, a new framework called 2entFOX is proposed in order to detect high survivable ransomwares (HSR). To our knowledge this fr...
Conference Paper
Ransomwares have become a growing threat in recent years, and this situation continues to worsen. It rose awareness on a particular class of malwares which extort a ransom in exchange for a captive asset. Most widespread ransomwares make an intensive use of data encryption. Basically, they encrypt various files on victim’s hard drives, removable dr...


Cited By


Projects (2)
In this project we proposed a framework for high survivable ransomwares detection based on twenty appropriate features. In 2entFOX, after providing data and preprocessor step we designed a detection system with the help of Bayesian belief network to use extracted features and their statistical possibilities. 2entFOX have some advantage and disadvantages: The valuable point of 2entFOX is the ability of HSRs detections unlike other detection tools which is related to extractive features. This framework helps us to evaluate and determine which sample can be a HSR. Although we suggest these twenty features for HSR detection but it is not obligated to only use these twenty features for HSR detection in 2netFOX; the feature set can be decreased or increased according to the security countermeasures, safeguards and HSRs evaluations, but every module of 2entFOX framework can be used in other driven systems. 2entFOX has been very powerful in new HSRs detection; Evaluations on new samples produced by Tox Virus show the high detection rate of the proposed framework. The reason of this high detection rate is that no HSR is able to bypass all of the extracted features with the help of defensive methods; To our knowledge if HSRs can bypass all of these features, they will not be able to bypass the VSS feature which is monitoring the behavior in the run-time mechanisms. Significant limitations of 2entFOX, is its weakness in LSRs detection, which in general does not have some heavyweight extracted features of HSRs. LSRs are not considered as a critical cyber threat for computer users due to the weakness in their system; without paying ransom and only with the help of malware analysis or reverse engineering methods also with the help of decrypted tools, encrypted data can be decrypted