Publications | Security and Forensics Engineering (SAFE) Lab

Sort by date

Journals/Book Chapters

[PLOS ONE]: Carl Weems, Irfan Ahmed, Golden G. Richard III, Justin Russell, Erin Neill, “ Susceptibility and Resilience to Cyber Threat, Findings from a Scenario Decision Program to Measure Secure and Insecure Computing Behavior ” , PLOS ONE , December 2018 , ( Impact Factor of 2.76 in 2018 )
[PDF]
[IEEE S&P]: Irfan Ahmed, Vassil Roussev, “ Peer Instruction Teaching Methodology for Cybersecurity Education ” , IEEE S&P , July 2018 , ( Impact Factor of 1.382 in 2018 )
[PDF] [Bibtext]
[Book Chapter]: Sajal Bhatia, Sunny Behal, Irfan Ahmed, “ Distributed Denial of Service Attacks and Defense Mechanism - Current Landscape and Future Directions ” , Springer , 2018 , ( Book chapter in "In Advances in Information Security" )
[PDF]
[Book Chapter]: Irfan Ahmed, Vassil Roussev, “ Analysis of Cloud Digital Evidence ” , In Security, Privacy, and Digital Forensics in the Cloud, L. Chen, and H. Takabi (Eds.) IGI Global , 2018
[PDF]
[IEEE S&P]: Irfan Ahmed, Sebastian Obermeier, Sneha Sudhakaran, “ Programmable Logic Controller Forensics ” , IEEE S&P , November 2017 , ( Impact Factor of 1.38 in 2017 )
[PDF] [Bibtext]
[Taylor & Francis JCST]: Justin Russell, Carl Weems, Irfan Ahmed, Golden G. Richard III, “ Self-reported secure and insecure cyber behaviour- factor structure and associations with personality factors ” , Journal of Cyber Security Technology, Taylor & Francis , July 2017
[PDF] [Bibtext]
[Elsevier DI]: Vassil Roussev, Irfan Ahmed, Andres Barreto, Shane McCulley, Vivek Shanmughan, “ Cloud Forensics-Tool Development Studies & Future Outlook ” , Digital Investigation, Elsevier , September 2016
[PDF] [Bibtext]
[IEEE Computer]: Irfan Ahmed, Sebastian Obermeier, Martin Naedele, Golden G. Richard III, “ SCADA systems: Challenges for Forensic Investigators ” , IEEE Computer, Vol. 45, No. 12 , December 2012
[PDF] [Bibtext]
[Springer IJIS]: Irfan Ahmed, Martin Naedele, Bradley Schatz, Ryoichi Sasaki, Andrew West, “ SCADA System Security ” , International Journal of Information Security, Springer, Vol. 11, No. 4 , August 2012 , ( Editorial )
[PDF]
[Springer JCV]: Irfan Ahmed, Kyung-suk Lhee, “ Classification of Packet Contents for Malware Detection ” , Journal in Computer Virology, Springer, Vol. 7, No. 4, pp. 279-295 , October 2011
[PDF] [Bibtext]
[IETE TR]: Irfan Ahmed, Kyung-suk Lhee, Hyunjung Shin, ManPyo Hong, “ Content-based File-type Identification using Cosine Similarity and a Divide-and-Conquer approach ” , IETE Technical Review, Vol. 27, No. 6, pp.465-477 , November 2010
[PDF]

Conferences/Workshops

[ISC]: Syed Ali Qasim, Juan Lopez Jr, Irfan Ahmed, “ Automated Reconstruction of Control Logic for Programmable Logic Controller Forensics ” , Proceedings of the 22nd Information Security Conference (ISC'19) , September 2019 , New York , ( Acceptance rate (26.7%): 23 regular papers / 86 submissions )
[PDF]
[IFIP SEC]: Hyunguk Yoo, Irfan Ahmed, “ Control Logic Injection Attacks on Industrial Control Systems ” , Proceedings of the 34th IFIP International Conference on Information Security and Privacy Protection (IFIP SEC’19) , June 2019 , Lisbon, Portugal
[PDF]
[DIMVA]: Hyunguk Yoo, Sushma Kalle, Jared Smith, Irfan Ahmed, “ Overshadow PLC toDetect Remote Control-Logic Injection Attacks ” , 16th SIG SIDAR Conference on Detection ofIntrusions and Malware & Vulnerability Assessment (DIMVA'19) , June 2019 , Gothenburg, Sweden , ( Acceptance rate (28%): 23 regular papers / 80 submissions )
[PDF]
[CISSE]: Mandar Shivapurkar, Sajal Bhatia, Irfan Ahmed, “ Problem-based Learning for Cybersecurity Education ” , 23rd Colloquium for Information Systems Security Education (CISSE’19) , June 2019 , Las Vegas, NV
[PDF]
[SIGCSE]: Pranita Deshpande, Cynthia Lee, Irfan Ahmed, “ Evaluation of Peer Instruction for Cybersecurity Education ” , Proceedings of the 50th ACM Technical Symposium on Computer Science Education (SIGCSE) , February 2019 , Minneapolis, Minnesota , ( Acceptance rate (32%): 169 regular papers / 526 submissions )
[PDF]
[SIGCSE]: Pranita Deshpande, Irfan Ahmed, “ Topological Scoring of Concept Maps for Cybersecurity Education ” , Proceedings of the 50th ACM Technical Symposium on Computer Science Education (SIGCSE) , February 2019 , Minneapolis, Minnesota , ( Acceptance rate (32%): 169 regular papers / 526 submissions )
[PDF]
[NDSS BAR]: Sushma Kalle, Nehal Ameen, Hyunguk Yoo, Irfan Ahmed, “ CLIK on PLCs!Attacking Control Logic with Decompilation and Virtual PLC ” , Proceedings of the Binary Analysis Research (BAR) Workshop in Conjunction with Network and Distributed System Security Symposium (NDSS) , Feb 2019 , San Diego, CA
[PDF]
[DFRWS]: Manish Bhatt, Irfan Ahmed, “ Leveraging Relocations in Kernel ELF-binaries for Linux Kernel Version Identification ” , Proceedings of 18th Annual Digital Forensics Research Conference (DFRWS'18) , July 2018 , Providence, RI , ( Acceptance rate (31.8%): 14 regular papers / 44 submissions )
[PDF]
[CODASPY]: Saranyan Senthivel, Shrey Dhungana, Hyunguk Yoo, Irfan Ahmed, Vassil Roussev, “ Denial of Engineering Operations Attacks in Industrial Control Systems ” , In 8th ACM Conference on Data and Application Security and Privacy (CODASPY'18) , March 2018 , Tempe, AZ , ( Acceptance rate (22%): 24 regular papers / 110 submissions )
[PDF]
[SIGCSE]: Manish Bhatt, Irfan Ahmed, Zhiqiang Lin, “ Using Virtual Machine Introspection for Operating Systems Security Education ” , In 49th ACM Technical Symposium on Computer Science Education (SIGCSE) , February 2018 , Baltimore, Maryland, USA , ( Acceptance rate (35%): 161 regular papers / 459 submissions )
[PDF]
[WISA]: Jonathan Grimm, Irfan Ahmed, Vassil Roussev, Manish Bhatt, ManPyo Hong, “ Automatic Mitigation of Kernel Rootkits in Cloud Environments ” , In 18th World Conference on Information Security Applications (WISA'17), Lecture Notes in Computer Science (LNCS) Springer , August 2017 , Jeju Island, South Korea
[PDF]
[USENIX ASE]: William Johnson, Irfan Ahmed, Vassil Roussev, Cynthia B. Lee, “ Peer Instruction for Digital Forensics ” , In USENIX Advances in Security Education Workshop (ASE'17), co-located with 26th USENIX Security Symposium , August 2017 , Vancouver, BC, Canada
[PDF]
[DFRWS]: Saranyan Senthivel, Irfan Ahmed, Vassil Roussev, “ SCADA Network Forensics of the PCCC Protocol ” , In the 17th Annual Digital Forensics Research Conference (DFRWS'17) , August 2017 , Austin, USA , ( Acceptance rate (32%): 13 regular papers / 41 submissions )
[PDF]
[USENIX ASE]: William Johnson, Irfan Ahmed, Vassil Roussev, Cynthia B. Lee, “ Peer Instruction for Digital Forensics ” , In USENIX Advances in Security Education Workshop (ASE'17), co-located with 26th USENIX Security Symposium , August 2017 , Vancouver, BC, Canada
[PDF]
[ACSAC ICSS]: Irfan Ahmed, Vassil Roussev, William Johnson, Saranyan Senthivel, Sneha Sudhakaran, “ A SCADA System Testbed for Cybersecurity and Forensic Research and Pedagogy ” , In the 2nd Annual Industrial Control System Security Workshop (ICSS'16), In conjunction with 32nd Annual Computer Security Applications Conference (ACSAC'16) , December 2016 , Los Angeles, CA
[PDF]
[USENIX ASE]: William Johnson, Allison Luzader, Irfan Ahmed, Vassil Roussev, Golden G. Richard III, Cynthia B. Lee, “ Development of Peer Instruction Questions for Cybersecurity Education ” , In USENIX Advances in Security Education Workshop (ASE'16), co-located with 25th USENIX Security Symposium , August 2016 , Austin, TX
[PDF]
[WiSec]: Aisha Ali-Gombe, Golden G. Richard III, Irfan Ahmed, Vassil Roussev, “ Don't Touch that Column - Portable, Fine-Grained Access Control for Android's Native Content Providers ” , In the 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec'16) , July 2016 , Darmstadt, Germany , ( Acceptance rate (26%): 13 regular papers / 51 submissions )
[PDF]
[IFIP DF]: Vassil Roussev, Andres Barreto, Irfan Ahmed, “ Forensic Acquisition of Cloud Drives ” , In the 12th IFIP WG 11.9 International Conference on Digital Forensics , January 2016 , New Delhi, India
[PDF]
[ACSAC PPREW]: Aisha Ali-Gombe, Irfan Ahmed, Golden G. Richard III, Vassil Roussev, “ OpSeq - Android Malware Fingerprinting ” , In In the 5th Program Protection and Reverse Engineering Workshop (PPREW'15), In conjunction with 31st Annual Computer Security Applications Conference (ACSAC'15) , December 2015 , Los Angeles, CA
[PDF]
[CODASPY]: Irfan Ahmed, Vassil Roussev, Aisha Ali Gombe, “ Robust Fingerprinting for Relocatable Code ” , In 5th ACM Conference on Data and Application Security and Privacy (CODASPY'15) , March 2015 , San Antonio, TX , ( Acceptance rate (21%): 19 regular papers / 91 submissions )
[PDF]
[DFRWS]: Vassil Roussev, Irfan Ahmed, Thomas Sires, “ Image-Based Kernel Fingerprinting ” , In 14th Annual Digital Forensics Research Conference (DFRWS'14) , August 2014 , Denver CO , ( Acceptance rate (29%): 15 regular papers / 52 submissions )
[PDF]
[ISC]: Irfan Ahmed, Golden G. Richard III, Aleksandar Zoranic, Vassil Roussev, “ Integrity Checking of Function Pointers in Kernel Pools via Virtual Machine Introspection ” , In the 16th Information Security Conference (ISC'13) , November 2013 , Dallas, Texas , ( Acceptance rate (23%): 16 regular papers / 70 submissions, **Best Paper Award** )
[PDF]
[IFIP DF]: Irfan Ahmed, Aleksandar Zoranic, Salman Javaid, Golden G. Richard III, Vassil Roussev, “ Rule-based Integrity Checking of Interrupt Descriptor Table in Cloud Environments ” , In 9th IFIP WG 11.9 International Conference on Digital Forensics , January 2013 , Orlando, Florida
[PDF]
[ACSAC LAW]: Salman Javaid, Aleksandar Zoranic, Irfan Ahmed, Golden G. Richard III, “ Atomizer: Fast, Scalable and Lightweight Heap Analyzer for Virtual Machines in a Cloud Environment ” , In the 6th Layered Assurance Workshop (LAW'12), In conjunction with the 28th Annual Computer Security Applications Conference (ACSAC'12) , December 2012 , Orlando, Florida
[PDF]
[ICPP CloudSec]: Irfan Ahmed, Aleksandar Zoranic, Salman Javaid, Golden G. Richard III, “ ModChecker: Kernel Module Integrity Checking in the Cloud Environment ” , In 4th International Workshop on Security in Cloud Computing (CloudSec'12), In conjunction with the 41st International Conference on Parallel Processing (ICPP'12) , September 2012 , Pittsburgh, Pennsylvania
[PDF]
[NSS]: Eesa Al Soalmi, Colin Boyd, Andrew Clark, Irfan Ahmed, “ User-Representative Feature Selection for Keystroke Dynamics ” , In 5th International Conference on Network and System Security (NSS' 11) , September 2011 , Milan, Italy
[PDF]
[ICRC]: Nishchal Kush, Ernest Foo, Ejaz Ahmed, Irfan Ahmed, Andrew Clark, “ Gap Analysis of Intrusion Detection in Smart Grids ” , In International Cyber Resilience Conference , August 2011 , Perth, Australia , ( **Best Paper Award** )
[PDF]
[IFIP DF]: Irfan Ahmed, Kyung-suk Lhee, Hyunjung Shin, ManPyo Hong, “ Fast Content-based File-type Identification ” , In 7th IFIP WG 11.9 International Conference on Digital Forensics , February 2011 , Orlando, Florida
[PDF]
[ACM SAC]: Irfan Ahmed, Kyung-suk Lhee, Hyunjung Shin, ManPyo Hong, “ Fast File-type Identification ” , In 25th Annual ACM Symposium on Applied Computing, (SAC'10) , March 2010 , Sierre, Switzerland
[PDF]
[ACISP]: Irfan Ahmed, Kyung-suk Lhee, Hyunjung Shin, ManPyo Hong, “ On Improving the Accuracy and Performance of Content-based File-type Identification ” , In 14th Australasian conference on information security and privacy (ACISP'09) , July 2009 , Brisbane, Australia , ( Acceptance rate (28%): 30 regular papers / 106 submissions )
[PDF]
[ARES PSAI]: Irfan Ahmed, Kyung-suk Lhee, “ Detection of Malcodes by Packet Classification ” , In International Workshop on Privacy and Security by means of Artificial Intelligence (PSAI'08), In conjunction with the 3rd IEEE International Conference on Availability Reliability and Security (ARES'08) , March 2008 , Barcelona, Spain
[PDF]
[IAS]: Irfan Ahmed, Usman Tariq, Shoaib Mukhtar, Kyung-suk Lhee, Seung-Wha Yoo, Piao Yanji, Manpyo Hong, “ Binding Update Authentication Scheme for Mobile IPv6 ” , In the 3rd IEEE International Symposium on Information Assurance and Security (IAS'07) , August 2007 , Manchester, United Kingdom , ( Acceptance rate (42%): 60 regular papers / 141 submissions )
[PDF]

Posters/Extended Abstracts/Work-in-progress Presentations:

[ICPS]: Carl Weems, Golden Richard III, Irfan Ahmed, Justin Russell, Erin Neill, Marsee Monica, “ Susceptibility and Resilience to Cyber Threat - Findings from a Scenario Decision Programto Measure Secure and Insecure Computing Behavior Network Forensic ” , In the International Convention of Psychological Science (ICPS) Sciences , March 2019 , Paris, France , ( Poster )
[AAFS]: Irfan Ahmed, “ Ladder Logic Decompiler for Supervisory Control and Data Acquisition (SCADA) Network Forensic ” , Proceedings of the 71st Annual Meeting of the American Academy of Forensic Sciences , February 2019 , Baltimore, MD , ( Extended Abstract )
[AAFS]: Irfan Ahmed, “ Supervisory Control and Data Acquisition (SCADA) Forensics - Network Traffic Analysis for Extracting a Programmable Logic Controller (PLC) System and Programming Logic File ” , Proceedings of the 69th Annual Meeting of the American Academy of Forensic Sciences , February 2015 , New Orleans, USA , ( Extended Abstract )
[CODASPY]: Anjila Tamrakar, Justin D. Russell, Irfan Ahmed, Golden G. Richard III, Carl F. Weems, “ SPICE - A Software Tool for Bridging the Gap Between End-user's Insecure Cyber Behavior and Personality Traits ” , In the 6th ACM Conference on Data andApplication Security and Privacy (CODASPY'16) , March 2016 , New Orleans, LA , ( Poster )
[CODASPY]: Aisha Ibrahim Ali-Gombe, Irfan Ahmed, Golden G. Richard III, Vassil Roussev, “ AspectDroid - Android App Analysis System ” , In the 6th ACM Conference on Data and Application Security and Privacy (CODASPY'16) , March 2016 , New Orleans, LA , ( **Outstanding Poster Award** )
[AAFS]: Irfan Ahmed, Vassil Roussev, Aisha Ali Gombe, “ Memory Forensics - Reliable In-Memory Code Identification Using Relocatable Pointers ” , Proceedings of the 67th Annual Meeting of the American Academy of Forensic Sciences , February 2015 , Orlando, FL , ( Extended Abstract )
[AAFS]: Irfan Ahmed, Golden G. Richard III, “ Kernel Pool Monitoring to Support Malware Forensics in a Cloud Computing Environment ” , Proceedings of the 66th Annual Meeting of the American Academy of Forensic Sciences , February 2014 , Washington, USA , ( Extended Abstract )
[AAFS]: Golden G. Richard III, Irfan Ahmed, “ Compressed RAM and Live Forensics ” , Proceedings of the 66th Annual Meeting of the American Academy of Forensic Sciences , February 2014 , Washington, USA , ( Extended Abstract )
[ACSAC]: Aisha Ali-Gombe, Irfan Ahmed, Golden G. Richard III, “ DROIDHOOK - Android Mal App Detection Through Context ” , In the 29th Annual Computer Security Applications Conference (ACSAC'13) , December 2013 , New Orleans, LA , ( Poster )
[ACSAC]: Irfan Ahmed, Aleksandar Zoranic, “ HookLocator - Function Pointer Integrity Checking in Kernel Pools via Virtual Machine Introspection ” , In the 29th Annual Computer Security Applications Conference (ACSAC'13) , December 2013 , New Orleans, LA , ( Poster )
[AAFS]: Irfan Ahmed, Golden G. Richard III, “ Live Forensic Analysis of Kernel Code for Malware Detection in Cloud Computing Environments ” , Proceedings of the 65th Annual Meeting of the American Academy of Forensic Sciences , pp. 154-155 , February 2013 , Washington, USA , ( Extended Abstract, **Outstanding Research Award** )

Other Publications:

[INTERPOL]: Vassil Roussev, Irfan Ahmed, “ Cloud Forensics - A True Game Changer ” , INTERPOL Digital 4N6 Pulse, Volume V , June 2019