Mohammad Zulkernine’s research while affiliated with University of Northern Iowa and other places

What is this page?


This page lists works of an author who doesn't have a ResearchGate profile or hasn't added the works to their profile yet. It is automatically generated from public (personal) data to further our legitimate goal of comprehensive and accurate scientific recordkeeping. If you are this author and want this page removed, please let us know.

Publications (257)


DSADA: Detecting Spoofing Attacks in Driver Assistance Systems Using Objects’ Spatial Shapes
  • Article

February 2025

·

6 Reads

ACM Transactions on Autonomous and Adaptive Systems

·

Mohammad Zulkernine

Object detection algorithms suffer from a perceptual vulnerability where they cannot differentiate between counterfeit and real objects. In this paper, we investigate the perceptual vulnerability in advanced driver assistance systems (ADAS) when faced with physical and digital spoofing attacks. To address this vulnerability, we propose a method named DSADA (Detecting Spoofing Attacks in Driver Assistance) to mitigate creation and misclassification spoofing attacks against object detection algorithms utilizing the LiDAR point clouds and objects’ spatial shapes. DSADA receives the outcomes of the object detection algorithm along with the corresponding LiDAR point clouds for each scene. DSADA exploits the spatial shapes of objects obtained from the point clouds to cross-validate the outcomes of the object detection algorithm. Any discrepancy results in generating an alert to warn about the spoofing attack. We analyze defense-aware and unaware attacks against DSADA. The evaluation results show the effectiveness of the suggested method with a true positive rate of 100% and a low false positive rate of only 3.97%. The comparative evaluation validates that the suggested method identifies a broader range of spoofed objects, including projected, displayed and printed ones, while narrowing the scope of potential attacks to familiar objects in the driving context.


Detecting Poisoning Attacks in Collaborative IDSs of Vehicular Networks Using XAI and Shapley Value

September 2024

·

12 Reads

·

1 Citation

ACM Journal on Autonomous Transportation Systems

Machine learning-based Intrusion Detection Systems (IDSs) for vehicle networks can collaborate to enhance their performance by sharing crucial decisions when individual datasets lack diversity, which hinders effective model training. However, such collaborative coalitions are vulnerable to poisoning attacks, where certain members tamper with training data, leading to wrong predictions by the IDSs. The current solutions to this problem have the following issues: 1) They require accessing the training dataset of IDSs, which raises critical privacy concerns; 2) Their heavy reliance on voting mechanisms may exclude clients and fail to detect malicious coalition members when attackers form the majority coalition; and 3) The verification process can potentially expose sensitive information, posing privacy risks. To address these issues and improve the resilience of collaborative IDSs against poisoning attacks, we propose a novel approach that combines XAI (Explainable AI) technology with Shapley value from cooperative game theory. XAI justifies IDS decisions, while the Shapley value identifies poisoning attacks in training datasets by capturing contradictions between explanations and decisions. We tested our implementation using a publicly available dataset and various machine learning models (e.g., RFC, SVM and LSTM). Our results prove highly promising in detecting poisoning attacks and overcoming the flaws in existing solutions.




VeriBin: A Malware Authorship Verification Approach for APT Tracking through Explainable and Functionality-Debiasing Adversarial Representation Learning

July 2024

·

11 Reads

ACM Transactions on Privacy and Security

·

Steven Ding

·

Mohammad Zulkernine

·

[...]

·

Sarah Labrosse

Malware attacks are posing a significant threat to national security, cooperate network and public endpoint security. Identifying the Advanced Persistent Threat (APT) groups behind the attacks and grouping their activities into attack campaigns help security investigators trace their activities thus providing better security protections against future attacks. Existing Cyber Threat Intelligent (CTI) components mainly focus on malware family identification and behaviour characterization, which cannot solve the APT tracking problem: while APT tracking needs one to link malware binaries of multiple families to a single threat actor, these behavior or function-based techniques are tightened up to a specific attack technique and would fail on connecting different families. Binary Authorship Attribution (AA) solutions could discriminate against threat actors based on their stylometric traits. However, AA solutions assume that the author of a binary is within a fixed candidate author set. However, real-world malware binaries may be created by a new unknown threat actor. To address this research gap, we propose VeriBin for the Binary Authorship Verification (BAV) problem. VeriBin is a novel adversarial neural network that extracts functionality-agnostic style representations from assembly code for the AV task. The extracted style representations can be visualized and are explainable with VeriBin’s multi-head attention mechanism. We benchmark VeriBin with state-of-the-art coding style representations on a standard dataset and a recent malware-APT dataset. Given two anonymous binaries of out-of-sample authors, VeriBin can accurately determine whether they belong to the same author or not. VeriBin is resilient to compiler optimizations and robust against malware family variants.







Citations (62)


... Further research could explore the unique challenges of applying XAI techniques in domains such as the Internet of Things (IoT) [26], where explanations need to account for and adapt to highly heterogeneous environments. Similarly, in Intelligent Connected Vehicles (ITS) [27], the focus could be on tailoring explanations to end users who are not technical administrators but are still interested in understanding potential attacks [28]. ...

Reference:

Post-Hoc Categorization Based on Explainable AI and Reinforcement Learning for Improved Intrusion Detection
Detecting Poisoning Attacks in Collaborative IDSs of Vehicular Networks Using XAI and Shapley Value
  • Citing Article
  • September 2024

ACM Journal on Autonomous Transportation Systems

... The growing body of research underscores the need for efficient and accurate monitoring systems to enhance AI models for social good [18][19][20]. This paper builds upon previous work by developing a CNN-based framework to detect weapon imagery on social media, contributing to safer digital environments [21][22][23]. In contrast to the previously referenced studies, which employ text analysis, text extraction from images, and a combination of text analysis and images to detect cyberbullying, our approach is exclusively focused on image analysis. ...

Detection of Cyberbullying in Social Media Texts Using Explainable Artificial Intelligence
  • Citing Chapter
  • March 2024

Communications in Computer and Information Science

... Moving beyond Mobile Ad Hoc Networks (MANETs), [1] which primarily aim to facilitate communication between vehicles, we have Vehicular Ad-hoc Networks (VANETs) [2]. VANETs are networks that are self-organizing and comprised of vehicles. ...

A VeReMi-based Dataset for Predicting the Effect of Attacks in VANETs
  • Citing Conference Paper
  • October 2023

... Pacemaker devices are vulnerable to several factors that could potentially compromise patient safety and privacy, which includes the integration of wireless capabilities, the lack of comprehensive security measures, and the limitations of the embedded systems. The presence of wireless capabilities enables remote monitoring and adjustment of the pacemakers [19], [21], [30], which also introduce new attack surfaces that were not present in older pacemaker models. This vulnerability could allow attackers to reprogram the pacemaker, deplete its battery life, or even induce shock into patients' hearts, thereby causing severe risks to the patients' well-being. ...

Beyond Smart Homes: An In-Depth Analysis of Smart Aging Care System Security
  • Citing Article
  • July 2023

ACM Computing Surveys

... emphasizing the importance of taking proactive measures to combat evolving security threats on Android devices.In their research article[2], Farnood Faghihi et al. address the issue of Android malware in IoT devices. The main issues are a lack of interpretability in malware detection results, increased code complexity, and evasion strategies like obfuscation. ...

AIM: An Android Interpretable Malware detector based on application class modeling
  • Citing Article
  • June 2023

Journal of Information Security and Applications

... This has led to the proposal of explainable techniques that pinpoint relevant features contributing to a program's vulnerability [55], [56], [57]. Asm2Seq [58] and VulANalyzeR [59] took this concept further by introducing explainable deep learning-based approaches for identifying binary vulnerabilities in source code. Notably, VulANalyzeR [59] employed an attention-based explainable mechanism to unearth the root cause of vulnerabilities. ...

Asm2Seq: Explainable Assembly Code Functional Summary Generation for Reverse Engineering and Vulnerability Analysis
  • Citing Article
  • May 2023

Digital Threats Research and Practice

... The two bits after the data field are the sign/status matrix, which indicates either the status of the transmitting device or arXiv:2408.16714v1 [cs.CR] 29 Aug 2024 [3] to software-simulated buses [4]. However, there is comparatively little research on ARINC 429 and AFDX, the primary standards used in commercial avionics, and recent work has more commonly focused on the more modern ethernet-based AFDX design [5]. ...

SV1DUR: A Real-Time MIL-STD-1553 Bus Simulator with Flight Subsystems for Cyber-Attack Modeling and Assessments
  • Citing Conference Paper
  • November 2022

... The two bits after the data field are the sign/status matrix, which indicates either the status of the transmitting device or arXiv:2408.16714v1 [cs.CR] 29 Aug 2024 [3] to software-simulated buses [4]. However, there is comparatively little research on ARINC 429 and AFDX, the primary standards used in commercial avionics, and recent work has more commonly focused on the more modern ethernet-based AFDX design [5]. ...

A Review and Analysis of Attack Vectors on MIL-STD-1553 Communication Bus
  • Citing Article
  • December 2022

IEEE Transactions on Aerospace and Electronic Systems

... Like SUMIT, D2D-MAP [12] leverages PUFs to establish secure communication among drones; yet D2D-MAP employs a single session key for encrypting all data, potentially exposing sensitive information to unauthorized entities, and thus risking data leakage. The PUF-based secure communication and data integrity solution proposed in [13] is not applicable to our problem as such method requires synchronization of nodes through GPS which is not always guaranteed in IoMT. ...

D2D-MAP: A Drone to Drone Authentication Protocol Using Physical Unclonable Functions
  • Citing Article
  • January 2022

IEEE Transactions on Vehicular Technology