Current and former researchers in cybersecurity and software engineering under my supervision:

Anis Kothia

About Me

Duration : 2017/1 – 2017/12

Status : Completed

University : Concordia University of Edmonton

Present Position : Senior Cyber Security Analyst at Alberta Health Services

Project/Thesis Title : Integration and Automation of Sub domain Enumeration and Service Scanning Tools to Improve Overall Information Gathering Process

Abstract : This research project presents an automated information gathering process for penetration testers integrating open source tools for extraction of useful information. In addition, we explored effectiveness and efficiency of the project.

Caesar Jude Clemente

About Me

Duration : 2017/5 – 2018/6

Status : Completed

University : Concordia University of Edmonton

Present Position : Lecturer, Concordia University of Edmonton

Project/Thesis Title : Solving Software Insecurity

Abstract : We determine the combination of software metrics which best predict security bugs in software systems. We investigate whether such metrics, collected from failures in the past, would also good to build security bug predictions models.

Damanjeet Kaur

About Me

Duration : 2017/1 – 2017/12

Status : Completed

University : Concordia University of Edmonton

Present Position : Infrastructure Design and Management Field Technician at NTT Data

Project/Thesis Title : Taxonomy of Android Vulnerabilities

Abstract : This research project presents a classification of current security vulnerabilities in Android. In addition, we explored a set of countermeasures to resolve them.

Darine Ameyed

About Me

Duration : January 2014 – January 2019
Status : In Progress
University : École de Technologie Supérieure
Present Position : Post-Doctoral at ETS
Project/Thesis Title : Using Probabilistic Temporal Logic PCTL and Model
Checking for Context Prediction
Abstract : Context prediction remains a complex and challenging task due to the lack of formal approach. In this paper, we propose a new approach to enhance context prediction using a probabilistic temporal logic and model checking. Probabilistic temporal logic (PCTL) is used to provide an efficient expressivity and a reasoning based on temporal logic in order to fit with the dynamic and non-deterministic nature of the system’s environment.Tested on real data our model was able de achieve 78% of the futures activities prediction accuracy.

Gagandeep Singh

About Me

Duration : 2017/1 – 2017/6

Status : Completed

University : Concordia University of Edmonton

Present Position : Software Analyst

Project/Thesis Title : An Analysis of Android Malware Behavior

Abstract : We used static and dynamic analysis to study the behavior of Android Malware. We examined various attributes such as permission, CPU usage, volatile memory usage, and traffic.
The analysis of the above mentioned four attributes will assist in differentiating malicious apps from legitimate application.

Gurjot Balraj

About Me
Duration : 2016/9 – 2017/4

Status : Completed

University : Concordia University of Edmonton

Present Position : Information Security Senior Consultant, NTT DATA Services

Project/Thesis Title : Analysis of Overhead Caused by Security Mechanisms in IaaS Cloud

Abstract : We used static and dynamic analysis to study the behavior of Android Malware. We examined various attributes such as permission, CPU usage, volatile memory usage, and traffic.
The analysis of the above mentioned four attributes will assist in differentiating malicious apps from legitimate application.

Gurpreet Kaur

About Me

Duration : 2017/1 – 2017/12

Status : Completed

University : Concordia University of Edmonton

Present Position : IT analyst at Alberta Health Services

Project/Thesis Title : Detecting Blind Cross-Site Attacks Using Machine Learning

Abstract : This research project presents an approach to detect Blind Cross Site-Scripting Attacks (XSS) using Support Vector Machine Learning (SVM).  In addition, we modified extracted blind XSS features to determine varied results.

Harjot Kaur

About me

Duration : 2017/7 – 2016/9

Status : Completed

University : Concordia University of Edmonton

Present Position : Information Security Consultant

Project/Thesis Title : Unauthorized Data Leakage from an Organisation through Web Browser Fingerprinting Vulnerability

Abstract : We propose and examine an enhanced way of web browser fingerprinting that is capable to circumvent typical corporate network boundary protection devices. We compare the proposed
enhanced fingerprinting with legacy fingerprinting techniques in network environments secured by VPNs, proxy servers, and NAT. The advanced web browser fingerprinting technique proposed provides more reliable results in corporate network environments than the existing browser
fingerprinting techniques. While the legacy web browser fingerprinting techniques are causative to false positives, the proposed additional attributes collected through WebRTC fingerprinting can eliminate the false positive results.

Jasmeen Kaur Babrah

About Me

Duration : 2017/1 – 2017/7

Status : Completed

University : Concordia University of Edmonton

Present Position :  IT Security Support at Mtech Information Security

Project/Thesis Title : In-Depth Experimental Analysis of Behavior of Crypto-Ransomware

Abstract : Crypto-ransomware is a family of one of the commonly seen malware that exploits software vulnerabilities of Internet accessible servers, end-user computers, and mobile devices. In this research, the behavior of the crypto-ransomware is experimentally analyzed. Dynamic analysis of the ransomware was performed in a virtual environment and the behavior of the malware represented using data flow modeling approach. Modification of registry values and system call functions by the malware were within the scope of the analysis. The outcome of the experimental study provides a number of indicators which can be considered when assessing the effectiveness of solutions designed to prevent and detect crypto-ransomware.

Manjinder Singh

About Me

Duration : 2016/9 – 2017/12

Status : Completed

University : Concordia University of Edmonton

Present Position : IT Technician at Ralcomm Ltd

Project/Thesis Title : Analyzing overhead from security and administrative functions in virtual environment

Abstract : This research project studied the characteristics of the security-oriented administrative component in the virtual environment. The following characteristics of administrative overhead have been analyzed under fluctuating workload: CPU load, network bandwidth utilization and response time.

Maryam Davari

About Me

Duration : 2014/12 – 2015/12

Status : Completed

University : Queen’s University

Present Position : Ph.D Student at Purdue University West Lafayette, Indianna

Project/Thesis Title : Classifying and Predicting Software Security Vulnerabilities Based on Reproducibility

Abstract : We used linear regression techniques to build predictive models of software security vulnerabilities based on the classical software complexity metrics and a set of attributes related to the environment of software systems. In addition, our research investigated the nature of security failure reproducibility at the code level.

Mayank Ashwinkumar Jaiswal

About Me

Duration : 2017/1 – 2017/12

Status : Completed

University : Concordia University of Edmonton

Present Position : IT and Network Security Analyst

Project/Thesis Title : System Call Analysis of Malware Application on Android Platform

Abstract : We analyzed normal system calls and malicious application system calls using STRACE Linux utility. Thus, we create the signature based on those system calls of such malware which can be used to detect Android malware.

Md Shahrear Iqbal

About me

Duration : 2014/6 – 2015/6

Status : Completed

University : Queen’s University

Present Position : Post-Doc at Queens University

Project/Thesis Title : Smartphone Security and Privacy

Abstract : Click fraud is a type of fraud that occurs on the Internet in pay-per-click (PPC) online advertising, when a person, automated script, or computer program, imitates a legitimate user of a web browser, clicking on such an ad without having an actual interest in the target of the ad’s link.
We proposed with a set of researchers from Queen’s University and the Irdeto Venture Lab at Ottawa, an approach to prevent click-fraud by implementing an anti-fraud service at the operating system level. The proposed approach protects users from becoming a part of an attack unknowingly. A set of empirical studies showed that our approach is 99.5% accurate in detecting ad requests from all running processes and we got 100% success rate in finding the fraudulent processes.

Pooja Prasad

About Me
Duration : 2017/1 – 2017/12

Status : Completed

University : Concordia University of Edmonton

Present Position : Lecturer, Concordia University of Edmonton

Project/Thesis Title : Securing Cyber Physical System in Health Care Environment

Abstract : Wireless Infusion Pumps are an inevitable part of Healthcare Delivery Organizations(HDOs).Nowadays there have been lots of cases of recalls of infusion pumps due to vulnerabilities existing in the devices that make it a safety concern for use on patients before patching the cybersecurity issues. This research has been conducted to give manufacturers an overview of what is the importance of designing the software for infusion pumps with cybersecurity in place.

Pratibha Singh

About Me

Duration : 2017/1 – 2017/12

Status : Completed

University : Concordia University of Edmonton

Present Position : IT and Network Security Analyst

Project/Thesis Title : Enhancing Bio-metric Security with Combinatoric Multi-Fingerprint Authentication Strategies

Abstract : Biometrics provide a reliable and unique solution for user authentication which increases the ease of usage as well as privacy and security of the various applications supporting biometric technology. The proposed method aims to improve the accuracy of the biometric authentication system by decreasing the False Acceptance Rates (FAR) and the False Rejection Rates
(FRR). In our proposed research, we examined the effect of having different combinations and
permutations of fingerprint samples and we show that our proposed method can reduce the security attacks on Biometric authentication systems.

Ranbir Singh Bali

About Me

Duration : September 2017- July 2018
Status : Completed
University : Concordia University of Edmonton
Present Position : IT specialist at RMC Group of Companies
Project/Thesis Title : Lightweight Authentication for MQTT by using Topic-Based Self Key Agreement and Block Cipher
Abstract : A Secure application layer protocol is critical with the worldwide spread of the the internet of things (IOT). Today, the most widely used protocol is Message Queue Telemetry Transport (MQTT), however it has its drawbacks, such as being subject to cipher attacks. To resolve these issues, the Block cipher method for Securing MQTT (BS-MQTT) is proposed. This scheme allows the MQTT broker to sign the tokens with the validity of single encryption and avoids the replay attacks using security tokens.

Ruchi Mishra

About Me

Duration : 2016/9 – 2017/4

Status : Completed

University : Concordia University of Edmonton

Present Position : Senior Security Analyst, Scotiabank

Project/Thesis Title : Behavioral Study of Malwares Impacting Financial Institutions and Clients

Abstract : The purpose of this research project is to study the behavior of malware impacting users of financial institutions (FI). An experimental analysis of the malware targeting individuals’ bank accounts by sniffing their credentials via exploit kits and phishing attacks was conducted. Post experiment analysis shows the various actions done by the malware on the infected systems. In addition, we presented various protection mechanisms which help in overcoming the damage caused by financial malware.

Ryan Sandoval

About Me

Duration : 2018/5 – 2018/8
Status: Completed
Position: Computer Engineering Student at The University of Alberta
University: University of Alberta
Faculty: Faculty of Engineering – Department of Electrical and Computer Engineering


Projects: Incident Assistance Project, Port Scanning and Object Classification Project, This Website

Description:

The Incident Assistance Project will be used to help in the event of a cyber security breach. Throughout a project, users will be able to log activities that they have done using an online form. When an incident occurs (i.e. DOS attacks, excesive drop in site/app visits), the application will be able to automatically investigate the previous logs and compile a report that will be sent to the administrators of the affected site.

The Port Scanning Project was first started by Jean-Claude Nikoue where he implemented a port scanning mechanism. My task was to implement the code required to classify objects using the open ports. This is done with the help of the SHODAN Database.

The 2018 redesign of this website allows for a more intuitive and pleasant experience for its users. The plugins and themes were also analyzed in order to ensure a more modular system.

Samim Khalili

About Me

Duration : January 2018 – August 2018
Status : Completed
University : Concordia University of Edmonton
Present Position : Information Systems and Security Professional
Project/Thesis Title : Enhancing Authentication and Key Agreement Procedure in 5G Mobile Network Using Geo-Encryption Technique
Abstract : Most of the common types of security attacks on mobile networks occur during the authentication between security entities. Thus, this authentication is a very important procedure. This research would aim to enhance the Authentication and Key Agreement (AKA) process in 5G mobile networks and overcome some of its security issues by applying a mechanism called Geo-Encrypted and Authentication and Key Agreement (GE-AKA). This mechanism is based on AES-GEDTD (updated Geo-Encryption technique), which is the most efficient and updated geo-enctryption technique for mobile communications.

Samip Dhakal

About Me

Duration : 2017/7- 2018/4

Status : Completed

University : Concordia University of Edmonton

Present Position : IT and Banking Professional

Project/Thesis Title : Blockchain for authentication in IoT

Abstract : A firmware is a software programmed on the hardware to monitor, control or manipulate data from it. The firmware update can help enhance the performance of devices, fix bugs and patch the vulnerabilities in the device. Researchers are proposing various mechanisms for updating firmware in IoT devices. This research project reviews the firmware update mechanisms for IoT proposed by different researchers and proposes a new mechanism to minimize security risks related to firmware updates.

Samuel Ubaneche

About Me

Duration : March 2018 – Present
Status : In Progress
University : Concordia University of Edmonton
Present Position : Graduate Student
Project/Thesis Title : Blockchain based Digital Data Protection Model
Abstract : This research project presents an approach to identify factors necessary for adequate assessment of blockchain technology and implementation of a blockchain based digital data protection model.

Tunde Yekini

About Me

Duration : 2017/1 – 2017/9

Status : Completed

University : Concordia University of Edmonton

Present Position : Senior Security Analyst at TD Bank

Project/Thesis Title : Study of Trust at Device Level of the Internet of Things Architecture

Abstract : We studied the fundamental architecture of IoT devices and identified potential security risks at each level of the general architecture. In order to address the noted risks, implementation of Trusted Platform Module (TPM) and Unique Device Identifier (UDI) on IoT devices and gateways for encryption and device management is recommended.

Walter Isharufe

About Me

Duration : 2017/1- 2017/6

Status : Completed

University : Concordia University of Edmonton

Present Position : Information Security Senior Consultant, NTT DATA Services

Project/Thesis Title : This research project reviewed various security issues inherent in the PaaS cloud model, classified them according to the essential cloud characteristics and finally recommended high-level solutions to the identified security issues. Recommendations made are in tandem with the Cloud Security Alliance (CSA) cloud control matrix. Also, a review of Amazon Elastic Beanstalk was conducted to understand how security controls provided align with CSA standard requirements. The result of the review and recommendations provided can serve as a reference for organizations and individual users when deciding security needs and service level objectives for PaaS based deployments.

Close Menu
en_USEnglish
fr_CAFrench en_USEnglish