Our research projects are generously supported by federal and other agencies/institutions. We list them as follows to acknowledge their support.

We are involved in a number of research areas in cybersecurity. Their references to our published work are mentioned here:

Digital Forensics

Memory Forensics

Kernel Pool Monitoring and the Integrity Checking of Function Pointers
Fast, Scalable and Lightweight Process Heap Analyzer
Compressed RAM and Live Forensics
Integrity Checking of OS Kernel Data Structures such as Interrupt Descriptor Table
Kernel Module Integrity Checking

Code Fingerprinting

Leveraging Relocations in Kernel ELF-binaries for Linux Kernel Version Identification
Robust Fingerprinting for Relocatable Code
Android Malware Fingerprinting
Image-Based Kernel Fingerprinting using Similarity Hashing

Cloud Forensics

File Type/Encoding Identification

Content-based File-type Identification using Cosine Similarity and a Divide-and-Conquer approach
Fast Content-based File-type Identification
Fast File-type Identification
On Improving the Accuracy and Performance of Content-based File-type Identification

Industrial Control System (ICS) Security and Forensics

Exploring New Attack Vectors and Vulnerabilities

Attack Detection, Analysis, and Recovery

Digital Forensics Readiness, Tools and Techniques

Automated Reconstruction of Control Logic for Programmable Logic Controller Forensics
Denial of Engineering Operations Attacks in Industrial Control Systems
Programmable Logic Controller Forensics
SCADA Network Forensics of the PCCC Protocol
A SCADA System Testbed for Cybersecurity and Forensic Research and Pedagogy
SCADA Systems: Challenges for Forensic Investigators

Hypervisor and Virtual Machine Introspection

Automatic Mitigation of Kernel Rootkits in Cloud Environments
Integrity Checking of Function Pointers in Kernel Pools via Virtual Machine Introspection
Integrity Checking of Interrupt Descriptor Table in Cloud Environments
ModChecker: Kernel Module Integrity Checking in the Cloud Environment

Software/Protocol Reverse Engineering

Automated Reconstruction of Control Logic for Programmable Logic Controller Forensics
CLIK on PLCs! Attacking Control Logic with Decompilation and Virtual PLC
Denial of Engineering Operations Attacks in Industrial Control Systems

Malware Detection, Analysis, and Characterization

Distributed Denial of Service Attacks and Defense Mechanism: Current Landscape and Future Directions
Automatic Mitigation of Kernel Rootkits in Cloud Environments
Portable, Fine-Grained Access Control for Android’s Native Content Providers
Integrity Checking of Function Pointers in Kernel Pools via Virtual Machine Introspection
Integrity Checking of Interrupt Descriptor Table in Cloud Environments
ModChecker: Kernel Module Integrity Checking in the Cloud Environment
Classification of Packet Contents for Malware Detection

Studying and Improving (In)secure Cyber Behavior of End Users

Susceptibility and Resilience to Cyber Threat: Findings from a Scenario Decision Program to Measure Secure and Insecure Computing Behavior
Self-reported secure and insecure cyber behaviour: factor structure and associations with personality factors
SPICE: A Software Tool for Bridging the Gap Between End-user’s Insecure CyberBehavior and Personality Traits “https://github.com/ahmirf/Susceptibility-and-Resilience-to-Cyber-Threat-SRCTtarget”

Pedagogical Techniques