
Shahid AlamUniversity of Ha'il · College of Computer Science and Engineering
Shahid Alam
Doctor of Philosophy
Looking for collaborators in AI and Cybersecurity. Specifically AI to improve forensic and malware analysis.
About
44
Publications
28,038
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
530
Citations
Introduction
Additional affiliations
February 2018 - April 2024
September 2014 - November 2016
November 2016 - December 2017
Education
September 2007 - August 2014
University of Victoria
Field of study
- Computer Science
Publications
Publications (44)
In this rapidly changing age, with virtually all information available on the Internet including courses, students may not find any reason to physically attend the lectures. In spite of the many benefits the online lectures and materials bring to teaching, this drift from the traditional (norm) face-to-face lectures is also creating further barrier...
In this paper we examine two issues and propose solutions to resolve them. The first is the automation of model evolution and the second is the support of software evolution in modeling languages. We extend object constraint language with actions and define a new language constraints with action language (CAL), which gives a user the ability to use c...
In this paper we present an automated support for software model evolution using a formal language constructs. For this, we extended Object Constraint Language (OCL) with actions to define a new language - CAL (Constraint with Action Language), which gives users the ability to evaluate objects change a-priori. We have added a data type, directed ac...
Artificial Intelligence (AI) is being applied to improve the efficiency of software systems used in various domains, especially in the health and forensic sciences. Explainable AI (XAI) is one of the fields of AI that interprets and explains the methods used in AI. One of the techniques used in XAI to provide such interpretations is by computing th...
With the rise of complex cyber devices such as smartphones, Internet of Things, and control systems in automotive and drones, the proliferation of operating systems and file formats, pervasive encryption, use of the cloud for remote processing and storage, and legal standards, Cyber Forensics (CF) is facing many new challenges. For example, there a...
One of the basic characteristics of a Gabor filter is that it provides useful information about specific frequencies in a localized region. Such information can be used in locating snippets of code, i.e., localized code, in a program when transformed into an image for finding embedded malicious patterns. Keeping this phenomenon, we propose a novel...
This paper introduces and presents a new language named MAIL (Malware Analysis Intermediate Language). MAIL is basically used for building malware analysis and detection tools. MAIL provides an abstract representation of an assembly program and hence the ability of a tool to automate malware analysis and detection. By translating binaries compiled...
The proliferation of smartphones has given exponential rise to the number of new mobile malware. These malware programs are employing stealthy obfuscations to hide their malicious activities. To perform malicious activities a program must make application programming interface (API) calls. Unlike dynamic, static analysis can find all the API call p...
The digital transformation has created a new digital space known as cyberspace. This new cyberspace has improved the workings of businesses, organizations, governments, society as a whole, and day to day life of an individual. With these improvements come new challenges, and one of the main challenges is security. The security of the new cyberspace...
With increasing quantity and sophistication, malicious code is becoming difficult to discover and analyze. Modern NLP (Natural Language Processing) techniques have significantly improved, and are being used in practice to accomplish various tasks. Recently, many research works have applied NLP for finding malicious patterns in Android and Windows a...
The number of Android malware variants (clones) are on the rise and, to stop this attack of clones we need to develop new methods and techniques for analysing and detecting them. As a first step, we need to study how these malware clones are generated. This will help us better anticipate and recognize these clones. In this paper we present a new to...
The Ubiquitous nature of smartphones has significantly increased the use of social media platforms, such as Facebook, Twitter, TikTok, and LinkedIn, etc., among the public, government, and businesses. Facebook generated ~70 billion USD in 2019 in advertisement revenues alone, a ~27% increase from the previous year. Social media has also played a st...
Code clones are frequent in use because they can be created fast with little effort and expense. Especially for malware writers, it is easier to create a clone of the original than writing a new malware. According to the recent Symantec threat reports, Android continues to be the most targeted mobile platform, and the number of new mobile malware c...
With the rise of social media, it has become easier to disseminate fake news faster and cheaper, compared to traditional news media, such as television and newspapers. Recently this phenomenon has attracted lot of public attention, because it is causing significant social and financial impacts on their lives and businesses. Fake news are responsibl...
The number of Android malware variants (clones) are on the rise and, to stop this attack of clones we need to develop new methods and techniques for analysing and detecting them. As a first step, we need to study how these malware clones are generated. This will help us better anticipate and recognize these clones. In this paper we present a new to...
According to the Symantec and F-Secure threat reports, mobile malware development in 2013 and 2014 has continued to focus almost exclusively (~99%) on the Android platform. Malware writers are applying stealthy mutations (obfuscations) to create malware variants, thwarting detection by signature-based detectors. In addition, the plethora of more so...
Humans possess a large amount of, and almost limitless, visual memory, that assists them to remember pictures far better than words. This phenomenon has recently motivated the computer security researchers' in academia and industry to design and develop graphical user identification systems (GUISs). Cognometric GUISs are more memorable than drawmet...
According to the Symantec and F-Secure threat reports, mobile malware development in 2013 and 2014 has continued to focus almost exclusively ~99% on the Android platform. Malware writers are applying stealthy mutations (obfuscations) to create malware variants, thwarting detection by signature based detectors. In addition, the plethora of more soph...
Metamorphism is a technique that mutates the binary code using different obfuscations and never keeps the same sequence of
opcodes in the memory. This stealth technique provides the capability to a malware for evading detection by simple signature-based
(such as instruction sequences, byte sequences and string signatures) anti-malware programs. In...
Processors are unable to achieve significant gains in speed using the conventional methods. For example increasing the clock rate increases the average access time to on-chip caches which in turn lowers the average number of instructions per cycle of the processor. On-chip memory system will be the major bottleneck in future processors. Software-ma...
Metamorphism is a technique that mutates the binary code using different obfuscations. It is difficult to write a new metamorphic malware and in general malware writers reuse old malware. To hide detection the malware writers change the obfuscations (syntax) more than the behavior (semantic) of such a new malware. On this assumption and motivation,...
Dynamic binary obfuscation or metamorphism is a technique where a malware never keeps the same sequence of opcodes in the memory. This stealthy mutation technique helps a malware evade detection by today’s signature-based anti-malware programs. This paper analyzes the current trends, provides future directions and reasons about some of the basic ch...
With the advent of Internet of Things, we are facing another wave of malware attacks, that encompass intelligent embedded devices. Because of the limited energy resources, running a complete malware detector on these devices is quite challenging. There is a need to devise new techniques to detect malware on these devices. Malware detection is one o...
This paper presents a comparative study to evaluate and compare Fortran with the two most popular
programming languages Java and C++. Fortran has gone through major and minor extensions in the
years 2003 and 2008. (1) How much have these extensions made Fortran comparable to Java and ++?
(2) What are the differences and similarities, in supporting...
Because of the financial and other gains attached with the growing malware industry, there is a need to automate the process of malware analysis and provide real-time malware detection. To hide a malware, obfuscation techniques are used. One such technique is metamorphism encoding that mutates the dynamic binary code and changes the opcode with eve...
The latest stealth techniques, such as metamorphism, allow malware to evade detection by today’s signature-based anti-malware programs. Current techniques for detecting malware are compute intensive and unsuitable for real-time detection. Techniques based on opcode patterns have the potential to be used for real-time malware detection, but have the...
Dynamic binary obfuscation or metamorphism is a technique where a malware never keeps the same sequence of opcodes in the memory. Such malware are very difficult to analyse and detect manually even with the help of tools. We need to automate the analysis and detection process of such malware. This paper introduces and presents a new language named...
Model evolution is a continuous software life cycle process, and its automation can reduce human effort needed and minimize potential error due to the evolution. In this paper we present a formal language constructs to support software model evolution. We have extended Object Constraint Language (OCL) with actions to define a new language called E-...
Processors are unable to achieve significant gains in speed using the conventional methods. For example increasing the clock rate increases the average access time to on-chip caches which in turn lowers the average number of instructions per cycle of the processor. On-chip memory system will be the major bottleneck in future processors. Software ma...
Processors are unable to achieve significant gains in speed using the conventional methods. For example increasing the clock rate increases the average access time to on-chip caches which in turn lowers the average number of instructions per cycle of the processor. On-chip memory system will be the major bottleneck in future processors. Software-ma...
Since the advent of model driven software engineering (MDSE) it has become necessary to develop techniques and tools for model evolution. In this paper we examine two issues and propose a solution to resolve them. The first is the automation of model evolution and the second is the support of software evolution in modeling languages. We extend Obje...
In this paper we examine two issues and propose solutions to resolve them. The first is the automation of model evolution and the second is the support of software evolution in modeling languages. We extend Object Constraint Language (OCL) with actions and define a new language CAL (Constraints with Action Language), which gives a user the ability...
In software and hardware design projects teams need to collaborate with each other by sharing their design data. When the teams are geographically apart, as is the case in new global economy, the need to share data on a daily basis becomes the norm. This paper proposes a novel scheme and implements a tool that allows sharing of hardware design data...
This paper examines the automation of model evolution with emphasis on impact analysis in modeling languages. We have extended Object Constraint Language (OCL) with actions and define a new language CAL (Constraints with Action Language), which gives a user the ability to use constraints with actions on design models. To automate and optimize impac...
Questions
Question (1)
JavaScript is a very popular language and is used in all the social networking sites. It can also be used for malicious purposes (mostly as part of cross site scripting), such as: distributing malware, directing to malicious web sites, popup windows etc. Such a code is normally obfuscated to hide it from automatic detection. As part of my research I am conducting a study on the types of javascript obfuscations and malicious code to automate it's detection statically.