Nhien-An Le-Khac

University College Dublin | UCD · School of Computer Science

PhD

About

287
Publications
180,292
Reads
3,087
Citations
Citations since 2017
190 Research Items
2715 Citations


Publications (287)
Conference Paper
Within recent years, mobile payment systems have been introduced, allowing smartphone users to complete financial transactions with their smartphones, including contactless payments at retail stores. As a person's financial transactions are indicative of their lifestyle, they are a potential source of data for criminal investigations. The items pu...
Article
Full-text available
Industrial control systems (ICS) often contain sensitive information related to the corresponding equipment being controlled and their configurations. Protecting such information is important to both the manufacturers and users of such ICSs. This work demonstrates an attack vector on industrial control systems where information can be exfiltrated t...
Chapter
Full-text available
Recent machine learning approaches have been effective in Artificial Intelligence (AI) applications. They produce robust results with a high level of accuracy. However, most of these techniques do not provide human-understandable explanations for supporting their results and decisions. They usually act as black boxes, and it is not easy to understa...
Article
Full-text available
Software Defined Networking (SDN) is an emerging network platform, which facilitates centralised network management. The SDN enables the network operators to manage the overall network consistently and holistically, regardless the complexity of infrastructure devices. The promising features of the SDN enhance network security and facilitate the impl...
Chapter
Reputed organisations are always prompting Data Warehouses (DWs), which are essential for storing and mining their historical datasets. When it comes to the healthcare industry, DWs are becoming ever so imperative, as efficient storage for medical data is vital for one’s health while mining it and seeking new insights. While clinical datasets are v...
Chapter
This chapter provides a high-level overview on databases including relational databases, database management systems and the Structured Query Language (SQL). A database forensic process is also described, followed by some examples of the database investigation. Concepts presented in this chapter are necessary for understanding the later chapters in...
Chapter
This chapter focuses on the examination of the Signal instant message application. It presents an integrated framework that covers the trigger of investigation to the final report. The framework is an iterative, real-time data flow centred framework. The framework outlines the options to obtaining, monitoring and capturing Signal data flow in real-...
Chapter
While digital forensics (or referred to as cyber forensics in recent times) play an increasingly important role in our current society (or ‘metaverse’), the role of databases in data/evidence acquisition cannot be understated. Therefore, this edited book focuses on a number of operational challenges in identifying and acquiring data of forensic or...
Chapter
This chapter focusses on the examination of seized iPhones for the data loss when the extraction is delayed. For law enforcement today, very few crimes are committed without having some nexus to a mobile device, and as such, mobile devices play a critical evidentiary role for investigations. More recently, law enforcement digital forensic labs have...
Chapter
The use of Internet of Things (IoT) devices in and around the houses has grown enormously in recent years. One of the IoT devices that is being widely used is the smart doorbell also named a video doorbell. Lots of people buy a video doorbell to increase security and or for the prevention. In the context of digital forensics, more video doorbells,...
Chapter
Internet is widely used in the world and its popularity has grown significantly since 90s of the last century. In 1994, only around 0.04% of the world’s population (~25 million users) had Internet access. By the end of 2021, over 53% (~5 billion users) of the world’s population had access to the Internet, almost 800,000 new users each day (https://...
Chapter
This chapter focuses on the examination of the qTox message application. Recently, there have been a lot of child exploitation activities where the suspects use amongst other things an E2EE messenger called qTox (using the tox-protocol) for their communication to other offenders. The tox-protocol is an encrypted open source peer-to-peer network pro...
Chapter
This chapter focuses on the examination of PyBitmessage Messenger. The Bitmessage protocol, which the PyBitmessage Messenger is based on has been developed with the aspiration of preventing all of the investigations approaches. Also, cybercriminals have become aware of this messaging protocol. This chapter describes how to gather pieces of informat...
Article
Full-text available
Current state-of-the-art point cloud data management (PCDM) systems rely on a variety of parallel architectures and diverse data models. The main objective of these implementations is achieving higher scalability without compromising performance. This paper reviews the scalability and performance of state-of-the-art PCDM systems with respect to bot...
Article
Full-text available
State-of-the-art remote sensing image management systems adopt scalable databases and employ sophisticated indexing techniques to perform window and containment queries. Many rely on space-filling curve (SFC) based index techniques designed for key-value databases and are predominantly employable for images that are iso-oriented. Critically, these...
Data
InSDN dataset Elsayed, Mahmoud Said, Nhien-An Le-Khac, and Anca D. Jurcut. "InSDN: A novel SDN intrusion dataset." IEEE Access 8 (2020): 165263-165284.
Preprint
Full-text available
Recent machine learning approaches have been effective in Artificial Intelligence (AI) applications. They produce robust results with a high level of accuracy. However, most of these techniques do not provide human-understandable explanations for supporting their results and decisions. They usually act as black boxes, and it is not easy to understa...
Article
Deploying robust machine learning models has to account for concept drifts arising due to the dynamically changing and non-stationary nature of data. Addressing drifts is particularly imperative in the security domain due to the ever-evolving threat landscape and lack of sufficiently labeled training data at the deployment time leading to performan...
Article
In recent years, data science has evolved significantly. Data analysis and mining processes become routines in all sectors of the economy where datasets are available. Vast data repositories have been collected, curated, stored, and used for extracting knowledge. And this is becoming commonplace. Subsequently, we extract a large amount of knowledge...
Preprint
Full-text available
In recent years, data science has evolved significantly. Data analysis and mining processes become routines in all sectors of the economy where datasets are available. Vast data repositories have been collected, curated, stored, and used for extracting knowledge. And this is becoming commonplace. Subsequently, we extract a large amount of knowledge...
Preprint
Deploying robust machine learning models has to account for concept drifts arising due to the dynamically changing and non-stationary nature of data. Addressing drifts is particularly imperative in the security domain due to the ever-evolving threat landscape and lack of sufficiently labeled training data at the deployment time leading to performan...
Preprint
Full-text available
Cryptocurrency has been (ab)used to purchase illicit goods and services such as drugs, weapons and child pornography (also referred to as child sexual abuse materials), and thus mobile devices (where cryptocurrency wallet applications are installed) are a potential source of evidence in a criminal investigation. Not surprisingly, there has been inc...
Article
In an Internet of Things (IoT) environment, IoT devices are typically connected through different network media types such as mobile, wireless and wired networks. Due to the pervasive nature of such devices, they are a potential evidence source in both civil litigation and criminal investigations. It is, however, challenging to identify and acquire...
Chapter
Acquisition of non-volatile or volatile memory is traditionally the first step in the forensic process. This approach has been widely used in mobile device investigations. However, with the advance of encryption techniques applied by default in mobile operating systems, data access is more restrictive. Investigators normally do not have administrat...
Article
Full-text available
Machine Learning and Deep Learning methods are widely adopted across financial domains to support trading activities, mobile banking, payments, and making customer credit decisions. These methods also play a vital role in combating financial crime, fraud, and cyberattacks. Financial crime is increasingly being committed over cyberspace, and cybercr...
Conference Paper
Acquisition of non-volatile or volatile memory is a popular approach in the forensic process as a first step of data acquisition. This approach has been widely used in mobile device investigations. However, with the advance of encryption techniques applied by default in mobile operating systems, data access is more restrictive. Investigators normal...
Article
Full-text available
In digital agriculture, agronomists are required to make timely, profitable and more actionable precise decisions based on knowledge and experience. The input can be cultivated and related agricultural data, and one of them is text data, including news articles, business news, policy documents, or farming notes. To process this kind of data, identi...
Article
Full-text available
Internet of Things (IoT) is becoming the new frontier in digital forensics due to the abundance of IoT devices appearing in day-to-day life. The diversity and complexity of IoT ecosystems pose a considerable challenge to digital investigators that demand novel approaches. Electromagnetic side-channel analysis (EM-SCA) has been proposed as a promisin...
Article
Full-text available
Point density is an important property that dictates the usability of a point cloud data set. This paper introduces an efficient, scalable, parallel algorithm for computing the local point density index, a sophisticated point cloud density metric. Computing the local point density index is non-trivial, because this computation involves a neighbour...
Article
Full-text available
Machine Learning methods are playing a vital role in combating ever-evolving threats in the cybersecurity domain. Explanation methods that shed light on the decision process of black-box classifiers are one of the biggest drivers in the successful adoption of these models. Explaining predictions that address ‘Why?/Why Not?’ questions help users/sta...
Article
Background and Objective: Cloud computing has the ability to offload processing tasks to a remote computing resources. Presently, the majority of biomedical digital signal processing involves a ground-up approach by writing code in a variety of languages. This may reduce the time a researcher or health professional has to process data, while increa...
Data
This is a comprehensive Electromagnetic side-channel dataset representing a diverse collection of popular IoT devices and smartphones. The presented dataset is used to demonstrate the potential usage of machine learning models to recognise device behaviour. A total of 8 main smart device types were used for the creation of the dataset, including sm...
Preprint
The MITRE Corporation is an American non-profit organization that has made substantial efforts into creating and maintaining knowledge bases relevant to cybersecurity and has been widely adopted by the community. ATT&CK “Adversarial Tactics, Techniques, and Common Knowledge” is a popular taxonomy by MITRE, which describes threat actor behaviors. Te...
Conference Paper
Full-text available
Software-Defined Networking (SDN) is a promising technology for the future Internet. However, the SDN paradigm introduces new attack vectors that do not exist in the conventional distributed networks. This paper develops a hybrid Intrusion Detection System (IDS) by combining the Convolutional Neural Network (CNN) and Long Short-Term Memory Network...
Conference Paper
In a previous work, a clustering-based method had been incorporated with the latent feature space of an autoencoder to discover sub-classes of normal data for anomaly detection. However, the work has the limitation in manually setting up the numbers of clusters in the normal training data. Finding a proper number of clusters in datasets is often am...
Article
Full-text available
Electromagnetic (EM) side-channel radiation from Internet of Things (IoT) devices are shown to be effective at acquiring forensic insights during digital investigations. These EM radiation patterns can be analysed with the help of machine learning algorithms to detect internal behaviours of IoT devices, which can be relevant to an investigation. Ho...
Article
With the rapid increase in mobile phone storage capacity and penetration, digital forensic investigators face a significant challenge in quickly identifying relevant examinable files within a plethora of uninteresting OS and application files extracted by forensic tools. This challenge can have serious adverse effects in time critical cases, and ca...
Article
Full-text available
Software-defined networking (SDN) is a new networking paradigm that separates the controller from the network devices i.e. routers and switches. The centralised architecture of the SDN facilitates the overall network management and addresses the requirement of current data centres. While there are high benefits offered by the SDN architecture, the...
Conference Paper
Full-text available
Recent growth in domain specific applications of machine learning can be attributed to availability of realistic public datasets. Real world datasets may always contain sensitive information about the users, which makes it hard to share freely with other stake holders, and researchers due to regulatory and compliance requirements. Synthesising dat...
Chapter
Recent growth in domain specific applications of machine learning can be attributed to availability of realistic public datasets. Real world datasets may always contain sensitive information about the users, which makes it hard to share freely with other stake holders, and researchers due to regulatory and compliance requirements. Synthesising data...
Chapter
Full-text available
Social media is a cybersecurity risk for every business. What do people share on the Internet? Almost everything about oneself is shared: friendship, demographics, family, activities and work-related information. This could become a potential risk in every business if the organisation’s policies, training and technology fail to properly address the...
Preprint
Full-text available
On a daily basis, law enforcement officers struggle with suspects using mobile communication applications for criminal activities. These mobile applications replaced SMS-messaging and evolved the last few years from plain-text data transmission and storage to an encrypted version. Regardless of the benefits for all law abiding citizens, this is con...
Article
Full-text available
Automated facial age estimation has drawn increasing attention in recent years. Several applications relevant to digital forensic investigations include the identification of victims, suspects and missing children, and the decrease of investigators' exposure to psychologically impacting material. Nevertheless, due to the lack of accurately labelled...
Preprint
Full-text available
The humanities, like many other areas of society, are currently undergoing major changes in the wake of digital transformation. However, in order to make collection of digitised material in this area easily accessible, we often still lack adequate search functionality. For instance, digital archives for textiles offer keyword search, which is fairl...
Preprint
Full-text available
Social Media is a cyber-security risk for every business. What do people share on the Internet? Almost everything about oneself is shared: friendship, demographics, family, activities, and work-related information. This could become a potential risk in every business if the organization's policies, training and technology fail to properly address t...
Article
Full-text available
Instant messaging (IM) has been around for decades now. Over the last few decades IM has become more and more popular with varied protocols, both open source and closed source. One of the new recent open source ones is the Matrix protocol with the first stable version released in 2019 and the IM application based on this protocol is "Riot.im". In r...
Article
Full-text available
File type identification (FTI) has become a major discipline for anti-virus developers, firewall designers and for forensic cybercrime investigators. Over the past few years, research has seen the introduction of several classifiers and features. One of these advances is the so-called n-grams analysis, which is an interpretation of statistical coun...
Data
InSDN is a comprehensive Software-Defined Network (SDN) dataset for Intrusion detection system evaluation. The new dataset includes the benign and various attack categories that can occur in different elements of the SDN standard. InSDN considers different attack, including DoS, DDoS, brute force attack, web applications, exploitation, probe, and b...
Chapter
Kodi is one of the world’s largest open-source streaming platforms for viewing video content. Easily installed Kodi add-ons facilitate access to online pirated videos and streaming content by facilitating the user to search and view copyrighted videos with a basic level of technical knowledge. In some countries, there have been paid child sexual...
Article
Full-text available
The humanities, like many other areas of society, are currently undergoing major changes in the wake of digital transformation. However, in order to make collection of digitised material in this area easily accessible, we often still lack adequate search functionality. For instance, digital archives for textiles offer keyword search, which is fairl...
Article
Full-text available
The increasing use of smartphones has increased their presence in legal and corporate investigations. Unlike desktop and laptop computers, forensic analysis of smartphones is a challenging task due to their limited interfaces to retrieve information of forensic value. Electromagnetic side-channel analysis (EM-SCA) has been recently proposed as an a...
Chapter
In an Internet of Things (IoT) environment, IoT devices are typically connected through different network media types such as mobile, WiFi and wired networks. Due to the pervasive nature of such devices, they are a potential evidence source in both civil litigation and criminal investigations. It is, however, challenging to identify and acquire for...
Article
Full-text available
The novel severe acute respiratory syndrome coronavirus 2 and its associated disease, COVID-19, have increased the amount of time that people spend working from home and in social isolation. In 2020, the number of users worldwide who relied on the Internet for work, education, and entertainment increased significantly. This growth is causing a subs...
Conference Paper
Full-text available
Today traditional communication methods, such as SMS or phone calls, are used less often and are replaced by the use of chat applications. WhatsApp is one of the most popular chat applications nowadays. WhatsApp offers different ways of communicating, which include sending text messages and making phone calls. The implementation of encryption makes...
Conference Paper
Although tools for tracking and monitoring illegal networks have been developed for centuries, current methods available at the moment still need continuous improvement. This is due to the fact that tracking and monitoring illegal networks in the cyberspace has become increasingly challenging for law enforcement agencies due to sophisticated encrypt...
Conference Paper
In many organisations there are up to 15 security controls that help defenders accurately identify and prioritise information security risks. Due to the lack of clarity into the effectiveness and capabilities of these defences, and poor visibility to overall risk posture has led to a crisis of prioritisation. Lately, organisations rely on scenario...
Conference Paper
Full-text available
Kodi is one of the world's largest open-source streaming platforms for viewing video content. Easily installed Kodi add-ons facilitate access to online pirated videos and streaming content by facilitating the user to search and view copyrighted videos with a basic level of technical knowledge. In some countries, there have been paid child sexual...
Preprint
Kodi is one of the world's largest open-source streaming platforms for viewing video content. Easily installed Kodi add-ons facilitate access to online pirated videos and streaming content by facilitating the user to search and view copyrighted videos with a basic level of technical knowledge. In some countries, there have been paid child sexual...
Preprint
Full-text available
Swift response to the detection of endangered minors is an ongoing concern for law enforcement. Many child-focused investigations hinge on digital evidence discovery and analysis. Automated age estimation techniques are needed to aid in these investigations to expedite this evidence discovery process, and decrease investigator exposure to traumatic...
Preprint
Full-text available
Multi-year digital forensic backlogs have become commonplace in law enforcement agencies throughout the globe. Digital forensic investigators are overloaded with the volume of cases requiring their expertise compounded by the volume of data to be processed. Artificial intelligence is often seen as the solution to many big data problems. This paper...
Article
Full-text available
In recent years, precision agriculture is becoming very popular. The introduction of modern information and communication technologies for collecting and processing Agricultural data revolutionise the agriculture practises. This has started a while ago (early 20th century) and it is driven by the low cost of collecting data about everything; from i...
Article
Full-text available
Consumers and organizations often rely on permissions requested during the installation of mobile applications (apps) and on official privacy policies to determine how safe an app is and decide whether the app producer is acting ethically or not. This research raises several concerns about the collection and sharing of personal data conducted by mo...
Preprint
Full-text available
Nowadays, a huge amount of knowledge has been amassed in digital agriculture. This knowledge and know-how information are collected from various sources, hence the question is how to organise this knowledge so that it can be efficiently exploited. Although this knowledge about agriculture practices can be represented using ontology, rule-based expe...
Chapter
Full-text available
Nowadays, a huge amount of knowledge has been amassed in digital agriculture. This knowledge and know-how information are collected from various sources, hence the question is how to organise this knowledge so that it can be efficiently exploited. Although this knowledge about agriculture practices can be represented using ontology, rule-based expe...
Chapter
Full-text available
A novel hybrid approach between clustering methods and autoencoders (AEs) is introduced for detecting network anomalies in a semi-supervised manner. A previous work has developed regularized AEs, namely Shrink AE (SAE) and Dirac Delta Variational AE (DVAE) that learn to represent normal data into a very small region being close to the origin in the...
Conference Paper
Anomaly detection aims to discover patterns in data that do not conform to the expected normal behaviour. One of the significant issues for anomaly detection techniques is the availability of labeled data for training/validation of models. In this paper, we proposed a hyper approach based on Long Short Term Memory (LSTM) autoencoder and One-class S...
Conference Paper
Full-text available
Anomaly detection aims to discover patterns in data that do not conform to the expected normal behaviour. One of the significant issues for anomaly detection techniques is the availability of labeled data for training/validation of models. In this paper, we proposed a hyper approach based on Long Short Term Memory (LSTM) autoencoder and One-class S...
Conference Paper
Full-text available
With the rapid technological advancements, organizations need to rapidly scale up their information technology (IT) infrastructure viz. hardware, software, and services, at a low cost. However, the dynamic growth in the network services and applications creates security vulnerabilities and new risks that can be exploited by various attacks. For exa...
Article
Full-text available
Software-Defined Network (SDN) has been developed to reduce network complexity through control and manage the whole network from a centralized location. Today, SDN is widely implemented in many data center’s network environments. Nevertheless, emerging technology itself can lead to many vulnerabilities and threats which are still challenging for ma...
Article
Full-text available
On a daily basis, law enforcement officers struggle with suspects using mobile communication applications for criminal activities. These mobile applications replaced SMS-messaging and evolved the last few years from plain-text data transmission and storage to an encrypted version. Regardless of the benefits for all law abiding citizens, this is con...
Conference Paper
Full-text available
Multi-year digital forensic backlogs have become commonplace in law enforcement agencies throughout the globe. Digital forensic investigators are overloaded with the volume of cases requiring their expertise compounded by the volume of data to be processed. Artificial intelligence is often seen as the solution to many big data problems. This paper...
Article
Full-text available
The massive amounts of spatio-temporal information often present in LiDAR data sets make their storage, processing, and visualisation computationally demanding. There is an increasing need for systems and tools that support all the spatial and temporal components and the three-dimensional nature of these datasets for effortless retrieval and visual...
Preprint
Full-text available
With the rapid technological advancements, organizations need to rapidly scale up their information technology (IT) infrastructure viz. hardware, software, and services, at a low cost. However, the dynamic growth in the network services and applications creates security vulnerabilities and new risks that can be exploited by various attacks. For exa...