Current and former researchers in cybersecurity and software engineering under my supervision:
- Abubakr Ibrahim
- Amine Barrak
- Anis Kothia
- Babajide Adegoke
- Caesar Jude Clemente
- Diallo Mamadou Moussa
- Gagandeep Singh
- Gurjot Balraj
- Gurpreet Kaur
- Harjot Kaur
- Jasmeen Kaur Babrah
- Jean Decian
- Lavin Titare
- Manel Grichi
- Manjinder Singh
- Maryam Davari
- Mayank Ashwinkumar Jaiswal
- Md Nematullah
- Md Shahrear Iqbal
- Pooja Prasad
- Pratibha Singh
- Rachel Ladouceur
- Ranbir Singh Bali
- Ruchi Mishra
- Ryan Sandoval
- Samim Khalili
- Samuel Ubaneche
- Tunde Yekini
- Walter Isharufe
Abubakr Ibrahim
About Me
Duration: 2020/9
Thesis: Spam detection using XAI
Status: In progress
University: Laval University
Present Position: Postdoctoral researcher in Synchromedia Lab, École de Technologie Supérieure at Montreal
Amine Barrak
About Me
Duration: 2021/9 – Present
Thesis: : Secure DevOps and MLOps
Status: In progress
University: Quebec University at Chicoutimi
Present Position: Secure DevOps and MLOps
Anis Kothia
About Me
Duration: 2017/1 – 2017/12
Status: Completed
University: Concordia University of Edmonton
Present Position: Senior Cyber Security Analyst at Alberta Health Services.
Project/Thesis Title: Integration and Automation of Subdomain Enumeration and Service Scanning Tools to Improve Overall Information Gathering Process.
Abstract: This research project presents an automated information gathering process for penetration testers integrating open source tools for the extraction of useful information. In addition, we explored the effectiveness and efficiency of the project.
Babajide Adegoke
About Me
Duration: 2017/9 – 2018/6
Thesis: : Exploring the use of pre-shared key in the authentification process of
LTE base stations
Status: Completed
University: Concordia University of Edmonton
Present Position: Information Security Professional
Caesar Jude Clemente
About Me
Duration: 2017/5 – 2018/12
Thesis: : Solving Software Insecurity
Status: Completed
University: Concordia University of Edmonton
Present Position: KWANTLEN POLYTECHNIC UNIVERSITY
Diallo Mamadou Moussa
About Me
Duration: 2023/03 – Present
Status: In progress
University: University of Quebec at Chicoutimi
Present Position: Graduate student
Gagandeep Singh
About Me
Duration : 2017/1 – 2017/6
Status : Completed
University : Concordia University of Edmonton
Present Position : Software Analyst
Project/Thesis Title : An Analysis of Android Malware Behavior
Abstract : We used static and dynamic analysis to study the behavior of Android Malware. We examined various attributes such as permission, CPU usage, volatile memory usage, and traffic.
The analysis of the above mentioned four attributes will assist in differentiating malicious apps from legitimate application.
Gurjot Balraj
About Me
Status : Completed
University : Concordia University of Edmonton
Present Position : Information Security Senior Consultant, NTT DATA Services
Project/Thesis Title : Analysis of Overhead Caused by Security Mechanisms in IaaS Cloud
Abstract : We used static and dynamic analysis to study the behavior of Android Malware. We examined various attributes such as permission, CPU usage, volatile memory usage, and traffic.
The analysis of the above mentioned four attributes will assist in differentiating malicious apps from legitimate application.
Gurpreet Kaur
About Me
Duration: 2017/1 – 2017/12
Status: Completed
University: Concordia University of Edmonton
Present Position: IT analyst at Alberta Health Services
Project/Thesis Title: Detecting Blind Cross-Site Attacks Using Machine Learning
Abstract: This research project presents an approach to detect Blind Cross Site-Scripting Attacks (XSS) using Support Vector Machine Learning (SVM). In addition, we modified extracted blind XSS features to determine varied results.
Harjot Kaur
About me
Duration : 2017/7 – 2016/9
Status : Completed
University : Concordia University of Edmonton
Present Position : Information Security Consultant
Project/Thesis Title : Unauthorized Data Leakage from an Organisation through Web Browser Fingerprinting Vulnerability
Abstract : We propose and examine an enhanced way of web browser fingerprinting that is capable to circumvent typical corporate network boundary protection devices. We compare the proposed
enhanced fingerprinting with legacy fingerprinting techniques in network environments secured by VPNs, proxy servers, and NAT. The advanced web browser fingerprinting technique proposed provides more reliable results in corporate network environments than the existing browser
fingerprinting techniques. While the legacy web browser fingerprinting techniques are causative to false positives, the proposed additional attributes collected through WebRTC fingerprinting can eliminate the false positive results.
Jasmeen Kaur Babrah
About Me
Duration : 2017/1 – 2017/7
Status : Completed
University : Concordia University of Edmonton
Present Position : IT Security Support at Mtech Information Security
Project/Thesis Title : In-Depth Experimental Analysis of Behavior of Crypto-Ransomware
Abstract : Crypto-ransomware is a family of one of the commonly seen malware that exploits software vulnerabilities of Internet accessible servers, end-user computers, and mobile devices. In this research, the behavior of the crypto-ransomware is experimentally analyzed. Dynamic analysis of the ransomware was performed in a virtual environment and the behavior of the malware represented using data flow modeling approach. Modification of registry values and system call functions by the malware were within the scope of the analysis. The outcome of the experimental study provides a number of indicators which can be considered when assessing the effectiveness of solutions designed to prevent and detect crypto-ransomware.
Jean Decian
About Me
Duration: 2019/05 – Present
Status: In progress
University: Polytechnique Montreal
Present Position: Bachelor student
Project/Thesis Title: An Active Soft Fingerprinting for the Internet of things devices to mitigate distributed denial-of-Service AttacksUsingBotnets.
Abstract: Reducing the likelihood of future disruptions of DistributedDenial of Service (DDoS) attacks based on IoT involves, among other things, developing an Internet of Thingsfingerprintingapproachthat identifies devices actively connected to networks. The approach should use a unique electronic fingerprint that each device creates via its services, ports, and software installed on it, to figure out which connection requests or other network activities are legitimate and which may come from potentially malicious sources. The proposed approach could be then used to enhance the security of servers, web service providers, essential cyber systems, as well as networked industrial systems such as oil and gas, manufacturing, water treatment, and utilities.
Lavin Titare
About Me
Duration: 2023/05 – Present
Thesis: Internet of Things
Status: In progress
University: Indian Institute of Technology of Kharagpûr
Present Position: 5th year Ungraduate Student
Manel Grichi
About Me
Duration: 2019/1 – Present
Status: In progress
University: Polytechnique Montreal
Present Position: Ph.D. candidate
Project/Thesis Title: Inter-language dependency analysis in multi-language systems
Abstract: Nowadays, developers are often choosing to use multiple programming languages to implement features in a given software project. Since each programming language has its own rules (lexical, semantic, and syntactical), program comprehension of multi-language systems becomes more complex and maintenance activities become more challenging. This is because generic static dependency analyses are no longer able to follow direct function calls in order to determine dependencies, i.e., they need to understand the specific calling convention between, for example, Java and C++. In contrast to the work on dependency analysis in mono-language systems, dependency analysis for multi-language systems is not well established yet and is still subject to investigation.
Manjinder Singh
About Me
Duration : 2016/9 – 2017/12
Status : Completed
University : Concordia University of Edmonton
Present Position : IT Technician at Ralcomm Ltd
Project/Thesis Title : Analyzing overhead from security and administrative functions in virtual environment
Abstract : This research project studied the characteristics of the security-oriented administrative component in the virtual environment. The following characteristics of administrative overhead have been analyzed under fluctuating workload: CPU load, network bandwidth utilization and response time.
Maryam Davari
About Me
Duration : 2014/12 – 2015/12
Status : Completed
University : Queen’s University
Present Position : Ph.D Student at Purdue University West Lafayette, Indianna
Project/Thesis Title : Classifying and Predicting Software Security Vulnerabilities Based on Reproducibility
Abstract : We used linear regression techniques to build predictive models of software security vulnerabilities based on the classical software complexity metrics and a set of attributes related to the environment of software systems. In addition, our research investigated the nature of security failure reproducibility at the code level.
Mayank Ashwinkumar Jaiswal
About Me
Duration : 2017/1 – 2017/12
Status : Completed
University : Concordia University of Edmonton
Present Position : IT and Network Security Analyst
Project/Thesis Title : System Call Analysis of Malware Application on Android Platform
Abstract : We analyzed normal system calls and malicious application system calls using STRACE Linux utility. Thus, we create the signature based on those system calls of such malware which can be used to detect Android malware.
Md Nematullah
About Me
Duration: 2023/03 – Present
Thesis: Internet of Things
Status: In progress
University: Indian Institute of Technology of Kharagpûr
Present Position: 4th year Ungraduate Student
Md Shahrear Iqbal
About me
Duration : 2014/6 – 2015/6
Status : Completed
University : Queen’s University
Present Position : Post-Doc at Queens University
Project/Thesis Title : Smartphone Security and Privacy
Abstract : Click fraud is a type of fraud that occurs on the Internet in pay-per-click (PPC) online advertising, when a person, automated script, or computer program, imitates a legitimate user of a web browser, clicking on such an ad without having an actual interest in the target of the ad’s link.
We proposed with a set of researchers from Queen’s University and the Irdeto Venture Lab at Ottawa, an approach to prevent click-fraud by implementing an anti-fraud service at the operating system level. The proposed approach protects users from becoming a part of an attack unknowingly. A set of empirical studies showed that our approach is 99.5% accurate in detecting ad requests from all running processes and we got 100% success rate in finding the fraudulent processes.
Pooja Prasad
About Me
Status : Completed
University : Concordia University of Edmonton
Present Position : Lecturer, Concordia University of Edmonton
Project/Thesis Title : Securing Cyber Physical System in Health Care Environment
Abstract : Wireless Infusion Pumps are an inevitable part of Healthcare Delivery Organizations(HDOs).Nowadays there have been lots of cases of recalls of infusion pumps due to vulnerabilities existing in the devices that make it a safety concern for use on patients before patching the cybersecurity issues. This research has been conducted to give manufacturers an overview of what is the importance of designing the software for infusion pumps with cybersecurity in place.
Pratibha Singh
About Me
Duration: 2017/1 – 2017/12
Status: Completed
University: Concordia University of Edmonton
Present Position: IT and Network Security Analyst
Project/Thesis Title: Enhancing Bio-metric Security with Combinatoric Multi-Fingerprint Authentication Strategies
Abstract: Biometrics provides a reliable and unique solution for user authentication which increases the ease of usage as well as privacy and security of the various applications supporting biometric technology. The proposed method aims to improve the accuracy of the biometric authentication system by decreasing the False Acceptance Rates (FAR) and the False Rejection Rates (FRR). In our proposed research, we examined the effect of having different combinations and permutations of fingerprint samples and we show that our proposed method can reduce the security attacks on Biometric authentication systems.
Rachel Ladouceur
About Me
Duration: 2022/1
Thesis: Detection of cyber influence activities
Status: In Progress
University: Quebec University at Chicoutimi
Present Position: Quebec University at Chicoutimi
Ranbir Singh Bali
About Me
Duration: September 2017- July 2018
Status: Completed
University: Concordia University of Edmonton
Present position: IT specialist at RMC Group of Companies
Project/Thesis Title: Lightweight Authentication for MQTT by using Topic-Based Self Key Agreement and Block Cipher
Abstract: A Secure application layer protocol is critical with the worldwide spread of the internet of things (IoT). Today, the most widely used protocol is Message Queue Telemetry Transport (MQTT), however, it has its drawbacks, such as being subject to cipher attacks. To resolve these issues, the Block cipher method for Securing MQTT (BS-MQTT) is proposed. This scheme allows the MQTT broker to sign the tokens with the validity of single encryption and avoids the replay attacks using security tokens.
Ruchi Mishra
About Me
Duration : 2016/9 – 2017/4
Status : Completed
University : Concordia University of Edmonton
Present Position : Senior Security Analyst, Scotiabank
Project/Thesis Title : Behavioral Study of Malwares Impacting Financial Institutions and Clients
Abstract : The purpose of this research project is to study the behavior of malware impacting users of financial institutions (FI). An experimental analysis of the malware targeting individuals’ bank accounts by sniffing their credentials via exploit kits and phishing attacks was conducted. Post experiment analysis shows the various actions done by the malware on the infected systems. In addition, we presented various protection mechanisms which help in overcoming the damage caused by financial malware.
Ryan Sandoval
About Me
Duration: 2018/5 – 2018/8
Status: Completed
Present position: Computer Engineering Student at The University of Alberta
University: University of Alberta
Project/Thesis Title: Incident Assistance Project, Port Scanning and Object Classification Project, This Website
Abstract: The Incident Assistance Project will be used to help in the event of a cybersecurity breach. Throughout a project, users will be able to log activities that they have done using an online form. When an incident occurs (i.e. DOS attacks, an excessive drop in site/app visits), the application will be able to automatically investigate the previous logs and compile a report that will be sent to the administrators of the affected site.
The Port Scanning Project was first started by Jean-Claude Nikoue where he implemented a port scanning mechanism. My task was to implement the code required to classify objects using the open ports. This is done with the help of the SHODAN Database.
The 2018 redesign of this website allows for a more intuitive and pleasant experience for its users. The plugins and themes were also analyzed in order to ensure a more modular system.
Samim Khalili
About Me
Duration: January 2018 – August 2018
Status: Completed
University: Concordia University of Edmonton
Present position: Information Systems and Security Professional
Project/Thesis Title: Enhancing Authentication and Key Agreement Procedure in 5G Mobile Network Using Geo-Encryption Technique
Abstract: Most of the common types of security attacks on mobile networks occur during the authentication between security entities. Thus, this authentication is a very important procedure. This research would aim to enhance the Authentication and Key Agreement (AKA) process in 5G mobile networks and overcome some of its security issues by applying a mechanism called Geo-Encrypted and Authentication and Key Agreement (GE-AKA). This mechanism is based on AES-GEDTD (updated Geo-Encryption technique), which is the most efficient and updated geo-encryption technique for mobile communications.
Samuel Ubaneche
About Me
Duration: March 2018 – Present
Status: In Progress
University: Concordia University of Edmonton
Present Position: Graduate Student
Project/Thesis Title: Blockchain-based Digital Data Protection Model
Abstract: This research project presents an approach to identify factors necessary for adequate assessment of blockchain technology and the implementation of a blockchain-based digital data protection model.
Tunde Yekini
About Me
Duration : 2017/1 – 2017/9
Status : Completed
University : Concordia University of Edmonton
Present Position : Senior Security Analyst at TD Bank
Project/Thesis Title : Study of Trust at Device Level of the Internet of Things Architecture
Abstract : We studied the fundamental architecture of IoT devices and identified potential security risks at each level of the general architecture. In order to address the noted risks, implementation of Trusted Platform Module (TPM) and Unique Device Identifier (UDI) on IoT devices and gateways for encryption and device management is recommended.
Walter Isharufe
About Me
Duration: 2017/1- 2017/6
Status: Completed
University: Concordia University of Edmonton
Present Position: Information Security Senior Consultant, NTT DATA Services
Project/Thesis Title: Paas Cloud Security Evaluation
Abstract: This research project reviewed various security issues inherent in the PaaS cloud model, classified them according to the essential cloud characteristics and finally recommended high-level solutions to the identified security issues. Recommendations made are in tandem with the Cloud Security Alliance (CSA) cloud control matrix. Also, a review of Amazon Elastic Beanstalk was conducted to understand how security controls provided align with CSA standard requirements. The result of the review and recommendations provided can serve as a reference for organizations and individual users when deciding security needs and service level objectives for PaaS based deployments.