Shahid Alam

Shahid Alam

This paper introduces and presents a new language named MAIL (Malware Analysis Intermediate Language). MAIL is basically used for building malware analysis and detection tools. MAIL provides an abstract representation of an assembly program and hence the ability of a tool to automate malware analysis and detection. By translating binaries compiled for different platforms to MAIL, a tool can achieve platform independence. Each MAIL statement is annotated with patterns that can be used by a tool to optimize malware analysis and detection.

Shahid Alam, Zeynep Altiparmak

With the rise of complex cyber devices Cyber Forensics (CF) is facing many new challenges. For example, there are dozens of systems running on smartphones, each with more than millions of downloadable applications. Sifting through this large amount of data and making sense requires new techniques, such as from the field of Artificial Intelligence (AI). To apply these techniques successfully in CF, we need to justify and explain the results to the stakeholders of CF, such as forensic analysts and members of the court, for them to make an informed decision. If we want to apply AI successfully in CF, there is a need to develop trust in AI systems. Some other factors in accepting the use of AI in CF are to make AI authentic, interpretable, understandable, and interactive. This way, AI systems will be more acceptable to the public and ensure alignment with legal standards. An explainable AI (XAI) system can play this role in CF, and we call such a system XAI-CF. XAI-CF is indispensable and is still in its infancy. In this paper, we explore and make a case for the significance and advantages of XAI-CF. We strongly emphasize the need to build a successful and practical XAI-CF system and discuss some of the main requirements and prerequisites of such a system. We present a formal definition of the terms CF and XAI-CF and a comprehensive literature review of previous works that apply and utilize XAI to build and increase trust in CF. We discuss some challenges facing XAI-CF. We also provide some concrete solutions to these challenges. We identify key insights and future research directions for building XAI applications for CF. This paper is an effort to explore and familiarize the readers with the role of XAI applications in CF, and we believe that our work provides a promising basis for future researchers interested in XAI-CF.

Shahid Alam, Amina Jameel, Zahida Parveen et al.

The Internet of Vehicles (IoV) is advancing modern transportation by improving safety, efficiency, and intelligence. However, the reliance on the Controller Area Network (CAN) introduces critical security risks, as CAN-based communication is highly vulnerable to cyberattacks. Addressing this challenge, we propose DAIRE (Detecting Attacks in IoV in REal-time), a lightweight machine learning framework designed for real-time detection and classification of CAN attacks. DAIRE is built on a lightweight artificial neural network (ANN) where each layer contains Ni = i x c neurons, with Ni representing the number of neurons in the ith layer and c corresponding to the total number of attack classes. Other hyperparameters are determined empirically to ensure real-time operation. To support the detection and classification of various IoV attacks, such as Denial-of-Service, Fuzzy, and Spoofing, DAIRE employs the sparse categorical cross-entropy loss function and root mean square propagation for loss minimization. In contrast to more resource-intensive architectures, DAIRE leverages a lightweight ANN to reduce computational demands while still delivering strong performance. Experimental results on the CICIoV2024 and Car-Hacking datasets demonstrate DAIRE's effectiveness, achieving an average detection rate of 99.88%, a false positive rate of 0.02%, and an overall accuracy of 99.96%. Furthermore, DAIRE significantly outperforms state-of-the-art approaches in inference speed, with a classification time of just 0.03 ms per sample. These results highlight DAIRE's effectiveness in detecting IoV cyberattacks and its practical suitability for real-time deployment in vehicular systems, underscoring its vital role in strengthening automotive cybersecurity.

Shahid Alam, M. Zain ul Abideen, Shahzad Saleem

The number of Android malware variants (clones) are on the rise and, to stop this attack of clones we need to develop new methods and techniques for analysing and detecting them. As a first step, we need to study how these malware clones are generated. This will help us better anticipate and recognize these clones. In this paper we present a new tool named DroidMorph, that provides morphing of Android applications (APKs) at different level of abstractions, and can be used to create Android application (malware/benign) clones. As a case study we perform testing and evaluating resilience of current commercial anti-malware products against attack of the Android malware clones generated by DroidMorph. We found that 8 out of 17 leading commercial anti-malware programs were not able to detect any of the morphed APKs. We hope that DroidMorph will be used in future research, to improve Android malware clones analysis and detection, and help stop them.

Shahid Alam, Juvariya Khan

The Ubiquitous nature of smartphones has significantly increased the use of social media platforms, such as Facebook, Twitter, TikTok, and LinkedIn, etc., among the public, government, and businesses. Facebook generated ~70 billion USD in 2019 in advertisement revenues alone, a ~27% increase from the previous year. Social media has also played a strong role in outbreaks of social protests responsible for political changes in different countries. As we can see from the above examples, social media plays a big role in business intelligence and international politics. In this paper, we present and discuss a high-level functional intelligence model (recipe) of Social Media Analysis (SMA). This model synthesizes the input data and uses operational intelligence to provide actionable recommendations. In addition, it also matches the synthesized function of the experiences and learning gained from the environment. The SMA model presented is independent of the application domain, and can be applied to different domains, such as Education, Healthcare and Government, etc. Finally, we also present some of the challenges faced by SMA and how the SMA model presented in this paper solves them.

Shahid Alam, Abdulaziz Ravshanbekov

With the rise of social media, it has become easier to disseminate fake news faster and cheaper, compared to traditional news media, such as television and newspapers. Recently this phenomenon has attracted lot of public attention, because it is causing significant social and financial impacts on their lives and businesses. Fake news are responsible for creating false, deceptive, misleading, and suspicious information that can greatly effect the outcome of an event. This paper presents a synopsis that explains what are fake news with examples and also discusses some of the current machine learning techniques, specifically natural language processing (NLP) and deep learning, for automatically predicting and detecting fake news. Based on this synopsis, we recommend that there is a potential of using NLP and deep learning to improve automatic detection of fake news, but with the right set of data and features.

Shahid Alam

Humans possess a large amount of, and almost limitless, visual memory, that assists them to remember pictures far better than words. This phenomenon has recently motivated the computer security researchers' in academia and industry to design and develop graphical user identification systems (GUISs). Cognometric GUISs are more memorable than drawmetric GUISs, but takes more time to authenticate. None of the previously proposed GUISs combines the advantages of both cognometric and drawmetric systems. A signature personify a person and a graphical signature is easier to recall than other drawings. This paper proposes a new graphical Signature-based User Identification System named SUIS. It is based on a 2D grid technology, that is used to draw, digitize and store the signature for user identification. SUIS is categorized as both a cognometric and drawmetric system. Unlike other systems that use 2D grid: We take one cell in a grid as one pixel in the drawing; for signature matching, the signature drawn has to follow the same grid cells as the signature stored, independent of the sequence; and that the system is not based on any machine learning model. Increasing the number of grid cells increases the password space, and decreasing the size of the grid cell increases the precision of the signature. These characteristics makes SUIS: (1) Rigorous enough to be a password system, but easy enough to be usable. (2) Independent of the language and device used to draw the signature. (3) Efficient and practical to be used for online authentication systems.

Shahid Alam, Zhengyang Qu, Ryan Riley et al.

According to the Symantec and F-Secure threat reports, mobile malware development in 2013 and 2014 has continued to focus almost exclusively ~99% on the Android platform. Malware writers are applying stealthy mutations (obfuscations) to create malware variants, thwarting detection by signature based detectors. In addition, the plethora of more sophisticated detectors making use of static analysis techniques to detect such variants operate only at the bytecode level, meaning that malware embedded in native code goes undetected. A recent study shows that 86% of the most popular Android applications contain native code, making this a plausible threat. This paper proposes DroidNative, an Android malware detector that uses specific control flow patterns to reduce the effect of obfuscations, provides automation and platform independence, and as far as we know is the first system that operates at the Android native code level, allowing it to detect malware embedded in both native code and bytecode. When tested with traditional malware variants it achieves a detection rate (DR) of 99.48%, compared to academic and commercial tools' DRs that range from 8.33% -- 93.22%. When tested with a dataset of 2240 samples DroidNative achieves a DR of 99.16%, a false positive rate of 0.4% and an average detection time of 26.87 sec/sample.

Shahid Alam

This paper presents a comparative study to evaluate and compare Fortran with the two most popular programming languages Java and C++. Fortran has gone through major and minor extensions in the years 2003 and 2008. (1) How much have these extensions made Fortran comparable to Java and C++? (2) What are the differences and similarities, in supporting features like: Templates, object constructors and destructors, abstract data types and dynamic binding? These are the main questions we are trying to answer in this study. An object-oriented ray tracing application is implemented in these three languages to compare them. By using only one program we ensured there was only one set of requirements thus making the comparison homogeneous. Based on our literature survey this is the first study carried out to compare these languages by applying software metrics to the ray tracing application and comparing these results with the similarities and differences found in practice. We motivate the language implementers and compiler developers, by providing binary analysis and profiling of the application, to improve Fortran object handling and processing, and hence making it more prolific and general. This study facilitates and encourages the reader to further explore, study and use these languages more effectively and productively, especially Fortran.