  • PhD (1387)

    Computer Engineering, Software

    Tarbiat Modares University, Tehran, Iran

  • MSc (1379)

    Computer Engineering, Software

    Tarbiat Modares University, Tehran, Iran

  • BSc (1376)

    Computer Engineering, Software

    Ferdowsi University of Mashhad, Mashhad, Iran

  • Network security
  • Intrusion detection
  • Reverse engineering and malware analysis
  • Privacy
  • Digital forensics
  • Data mining
  • Evolutionary computation


    A differentially private location generalization approach to guarantee non-uniform privacy in moving objects databases

    Fatemeh Deldar, Mahdi Abadi
    Journal Papers: Knowledge-Based Systems, Volume 225, 2021 April 27, Pages 107084

    Abstract

    Recently there has been much interest in moving objects databases because of their applications in many domains, such as location-based services and traffic management. Moving objects databases store and manage information representing changes in the spatial properties of moving objects over time. Meanwhile, privacy protection has been one of the most important concerns in these databases. In this paper, we study this problem by presenting DPLG, a location generalization approach for moving objects databases that preserves the strong guarantee of differential privacy. Our main goal is to guarantee non-uniform privacy for locations with different privacy protection requirements while being scalable for spatial domains with a large number of

    Incremental collusive fraud detection in large-scale online auction networks

    Mahila Dadfarnia, Fazlollah Adibnia, Mahdi Abadi, Ali Dorri
    Journal Papers: The Journal of Supercomputing, 2020 January 25, Pages 22-Jan

    Abstract

    An online auction network (OAN) is a community of users who buy or sell items through an auction site. Along with the growing popularity of auction sites, concerns about auction frauds and criminal activities have increased. As a result, fraud detection in OANs has attracted renewed interest from researchers. Since most real OANs are large-scale networks, detecting fraudulent users is usually difficult, especially when multiple users collude with each other and new online auctions are continuously added. Although collusive auction frauds are not as popular as other types of auction frauds, they are more horrible and catastrophic because they often bring huge financial losses. To tackle this issue, some techniques have been proposed to detec

    HAL-RD: Cross-correlating heterogeneous alerts and logs using resource dependencies

    Mahdieh Safarzadeh, Mahdi Abadi, Alireza Nowroozi
    Conference Papers: 35th Annual ACM Symposium on Applied Computing (SAC), 2020 March 30, Pages 1726–1735

    Abstract

    Many organizations today use a variety of security and monitoring tools at various levels of defense. These tools often generate heterogeneous alerts and logs when an attack occurs. Because of the large volume and dispersion of these alerts and logs, the manual cross-correlation of them is a time-consuming and labor-intensive task. The main challenge is that heterogeneous alerts and logs generated as a result of an attack stage do not necessarily have common features, or there are no explicit relationships between them that can be used for cross-correlation. In this paper, we overcome this deficiency by presenting HAL-RD, a novel technique that uses resource dependencies to cross-correlate heterogeneous alerts and logs. In this technique, w

    A fully spatial personalized differentially private mechanism to provide non-uniform privacy guarantees for spatial databases

    Nadia Niknami, Mahdi Abadi, Fatemeh Deldar
    Journal Papers: Information Systems, Volume 92, 2020 April 8, Pages 101526

    Abstract

    Spatial databases are essential to applications in a wide variety of domains. One of the main privacy concerns when answering statistical queries, such as range counting queries, over a spatial database is that an adversary observing changes in query answers may be able to determine whether or not a particular geometric object is present in the database. Differential privacy addresses this concern by guaranteeing that the presence or absence of a geometric object has little effect on query answers. Most of the current differentially private mechanisms for spatial databases ignore the fact that privacy is personal and, thus, provide the same privacy protection for all geometric objects. However, some particular geometric objects may be more

    Enhancing spatial and temporal utilities in differentially private moving objects database release

    Fatemeh Deldar, Mahdi Abadi
    Journal Papers: International Journal of Information Security, 2020 July 24, Pages 23-Jan

    Abstract

    The pervasive use of mobile technologies and GPS-equipped vehicles has resulted in a large number of moving objects databases. Privacy protection is one of the most significant challenges related to moving objects databases because of the legal requirements in many application domains. Over the last few years, several differentially private mechanisms have been proposed for moving objects databases. However, most of them aim to answer statistical queries and do not release a differentially private version of a moving objects database. In this paper, we present DP-MODR, a differentially private (DP) mechanism for synthetic moving objects database release (MODR). DP-MODR tries to efficiently and effectively release synthetic trajectories whil

    RAMD: Registry-based anomaly malware detection using one-class ensemble classifiers

    Asghar Tajoddin, Mahdi Abadi
    Journal Papers: Applied Intelligence, Volume 49, Issue 7, 2019 July, Pages 2641–2658

    Abstract

    Malware is continuously evolving and becoming more sophisticated to avoid detection. Traditionally, the Windows operating system has been the most popular target for malware writers because of its dominance in the market of desktop operating systems. However, despite a large volume of new Windows malware samples that are collected daily, there is relatively little research focusing on Windows malware. The Windows Registry, or simply the registry, is very heavily used by programs in Windows, making it a good source for detecting malicious behavior. In this paper, we present RAMD, a novel approach that uses an ensemble classifier consisting of multiple one-class classifiers to detect known and especially unknown malware abusing registry keys

    PDP-SAG: Personalized privacy protection in moving objects databases by combining differential privacy and sensitive attribute generalization

    Fatemeh Deldar, Mahdi Abadi
    Journal Papers: IEEE Access, Volume 7, 2019 June 26, Pages 85887–85902

    Abstract

    Moving objects databases have become an enabling technology for location-based applications. They mostly focus on the storing and processing of data about moving objects. Privacy protection is one of the most important concerns related to such databases. In recent years, some mechanisms have been proposed to answer statistical queries over moving objects databases, while satisfying differential privacy. However, none of them consider the case where a moving objects database contains non-spatiotemporal sensitive attributes other than spatiotemporal attributes. Besides, most of them do not support the personalized privacy protection requirements of different moving objects. In this paper, we address these problems by presenting PDP-SAG, a dif

    HLMD: a signature-based approach to hardware-level behavioral malware detection and classification

    Mohammad Bagher Bahador, Mahdi Abadi, Asghar Tajoddin
    Journal Papers: The Journal of Supercomputing, 2019 January, Pages Jan-32

    Abstract

    Malicious programs, or malware, often use code obfuscation techniques to make static analysis difficult. To deal with this problem, various behavioral detection techniques have been proposed that focus on runtime behavior to distinguish between benign and malicious programs. The majority of them are based on the analysis and modeling of system call traces, which are a common type of audit data often used to describe the interaction between programs and the operating system. However, the techniques are not widely used in practice because of high performance overheads. An alternative approach is to perform behavioral detection at the hardware level. The basic idea is to use information that is accessible through hardware performa

    Akoman: Hardware-level malware detection using discrete wavelet transform

    Niloofar S Alizadeh, Mahdi Abadi
    Conference Papers: 2018 4th IEEE International Conference on Smart Computing (SMARTCOMP), 2018 June 18, Pages 476–481

    Abstract

    Malware, short for malicious software, is a general collective term for any program that gains access to a system without the knowledge of the owner and fulfills the malicious intent of an attacker. Over the past few years, various techniques have been proposed that focus on the run-time behavior of programs in order to dynamically detect malware. Most of the techniques rely on the analysis of system call traces provided by the underlying operating system. An alternative and promising approach is to perform malware detection at the hardware level. In this paper, we pursue this line of research by presenting Akoman, a novel technique that uses hardware events in current modern processors to build behavioral models of malware. Akoman follows

    PLDP-TD: Personalized-location differentially private data analysis on trajectory databases

    Fatemeh Deldar, Mahdi Abadi
    Journal Papers: Pervasive and Mobile Computing, Volume 49, Pages 1–22

    Abstract

    The ubiquity of location-aware mobile devices and information systems has made it possible to collect large amounts of movement data such as trajectories of moving objects. However, it must be carefully managed to ensure that the privacy of each moving object or sensitive location is guaranteed. In this paper, we investigate how different locations of a geographical map can meet their individual privacy protection requirements using differential privacy (DP). More specifically, we aim to guarantee that the inclusion of any trajectory data record in a trajectory database does not substantially increase the risk to its privacy, while ensuring the required level of privacy protection for each location. To achieve this, we introduce the concept

    SocialBotHunter: Botnet detection in Twitter-like social networking services using semi-supervised collective classification

    Ali Dorri, Mahdi Abadi, Mahila Dadfarnia
    Conference Papers: 2018 IEEE 16th Intl Conf on Dependable, Autonomic and Secure Computing, 16th Intl Conf on Pervasive Intelligence and Computing, 4th Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC/PiCom/DataCom, 2018 August 12, Pages 496–503

    Abstract

    An online social network (OSN) is a social structure made up of a set of users that are interested to communicate with each other in an online environment in order to share information. Social networking services (SNSs) are web-based platforms for building OSNs. SNSs are increasingly threatened by social bots that are fake or compromised user accounts with malicious intent, which mimic the behavior of legitimate users to evade detection. A social botnet refers to a group of social bots under the control of a single botmaster, which collaborate to conduct the same malicious activities. Using social botnets, spammers are now able to flood news and political websites with tens of thousands of comments. In recent years, there has been a growing

    Differentially private count queries over personalized-location trajectory databases

    Fatemeh Deldar, Mahdi Abadi
    Journal Papers: Data in Brief, Volume 20, 2018 October 1, Pages 1510–1514

    Abstract

    Differential privacy is a technique for releasing statistical information about a database without revealing information about its individual data records. Also, a personalized-location trajectory database is a trajectory database where locations have different privacy protection requirements and, thus, are privacy conscious. This data article is related to the research article entitled “PLDP-TD: Personalized-location differentially private data analysis on trajectory databases” (Deldar and Abadi, 2018 [1]), in which we introduced a new differential privacy notion for personalized-location trajectory databases, and devised a novel differentially private algorithm, called PLDP-TD, to implement this new privacy notion. Here, we describe h

    SMSBotHunter: A novel anomaly detection technique to detect SMS botnets

    Farnood Faghihi, Mahdi Abadi, Asghar Tajoddin
    Conference Papers: 2018 15th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC), 2018 August 28, Pages 1–6

    Abstract

    Over the past few years, botnets have emerged as one of the most serious cybersecurity threats faced by individuals and organizations. After infecting millions of servers and workstations worldwide, botmasters have started to develop botnets for mobile devices. Mobile botnets use different mediums to communicate with their botmasters. Although significant research has been done to detect mobile botnets that use the Internet as their command and control (C&C) channel, little research has investigated SMS botnets per se. In order to fill this gap, in this paper, we first divide SMS botnets based on their characteristics into three families, namely, info stealer, SMS stealer, and SMS spammer. Then, we propose SMSBotHunter, a novel anomaly dete

    CAFD: Detecting collusive frauds in online auction networks by combining one-class classification and collective classification

    Nazanin Habibollahi, Mahdi Abadi, Mahila Dadfarnia
    Conference Papers: 2017 14th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC), 2017 September 6, Pages 48–53

    Abstract

    Online auctions have become very popular over the last few years. This popularity is evidenced by the explosive growth of online auction sites with millions of users buying and selling goods from all over the world. However, this rapid growth of online auctions has also led to a corresponding increase in online frauds. While collusive auction frauds are not as common as other types of online frauds, they are more dangerous because they are more difficult to detect and often result in larger financial losses. In recent years, a number of techniques have been proposed to detect collusive frauds in online auction networks. While all the techniques have shown promising results, they often suffer from slow convergence or low detection performanc

    AMD-EC: Anomaly-based Android malware detection using ensemble classifiers

    Fariba Ghaffari, Mahdi Abadi, Asghar Tajoddin
    Conference Papers: 2017 25th Iranian Conference on Electrical Engineering (ICEE), 2017 May 2, Pages 2247–2252

    Abstract

    Due to significant increase in the popularity and usage of Android mobile devices, the number of malware targeting such devices has also increased dramatically. To confront with Android malware, several anomaly detection techniques have been proposed that are able to detect zero-day malware, but they often produce many false alarms that make them impractical for real-world use. In this paper, we address this problem by presenting AMD-EC, an entropy-based anomaly detection technique that uses an ensemble classifier consisting of multiple one-class classifiers to detect Android malware. Our work is motivated by the observation that combining multiple classifiers often produces higher overall classification accuracy than any individual classif

    DroidNMD: Network-based malware detection in Android using an ensemble of one-class classifiers

    Fariba Ghaffari, Mahdi Abadi, Asghar Tajoddin, Mahsa Lamiyan
    Journal Papers: The Modares Journal of Electrical Engineering, Volume 16, Issue 3, 2017 October 23, Pages 40–47

    Abstract

    During the past few years, the number of malware designed for Android devices has increased dramatically. To confront with Android malware, some anomaly detection techniques have been proposed that are able to detect zero-day malware, but they often produce many false alarms that make them impractical for real-world use. In this paper, we address this problem by presenting DroidNMD, an ensemble-based anomaly detection technique that focuses on the network behavior of Android applications in order to detect Android malware. DroidNMD constructs an ensemble classifier consisting of multiple heterogeneous one-class classifiers and uses an ordered weighted averaging (OWA) operator to aggregate the outputs of the one-class classifiers. Our work i

    PPTD: Preserving personalized privacy in trajectory data publishing by sensitive attribute generalization and trajectory local suppression

    Elahe Ghasemi Komishani, Mahdi Abadi, Fatemeh Deldar
    Journal Papers: Knowledge-Based Systems, Volume 94, 2016 February 15, Pages 43–59

    Abstract

    Trajectory data often provide useful information that can be used in real-life applications, such as traffic management, Geo-marketing, and location-based advertising. However, a trajectory database may contain detailed information about moving objects and associate them with sensitive attributes, such as disease, job, and income. Therefore, improper publishing of the trajectory database can put the privacy of moving objects at risk, especially when an adversary uses partial trajectory information as its background knowledge. The existing approaches for privacy preservation in trajectory data publishing provide the same privacy protection for all moving objects. The consequence is that some moving objects may be offered insufficient privacy

    DroidMalHunter: A novel entropy-based anomaly detection system to detect malicious Android applications

    Fariba Ghaffari, Mahdi Abadi
    Conference Papers: 2015 5th International Conference on Computer and Knowledge Engineering (ICCKE), 2015 October 29, Pages 301–306

    Abstract

    Along with the significant increase in the popularity of Android mobile devices, the number of malicious applications running on them has also increased dramatically in the recent past. In this paper, we propose DroidMalHunter, a novel entropy-based anomaly detection system to detect meaningful deviations in the network behavior of Android applications. Our system is based on the observation that there is often low complexity in the traffic patterns of malicious applications, resulting in a high regularity in their observed network behavior that can be quantified by entropy measures. Exploiting this observation, we investigate the use of two popular entropy measures, namely sample entropy and modified sample entropy, in detecting malicious

    OC-WAD: A one-class classifier ensemble approach for anomaly detection in web traffic

    Elham Parhizkar, Mahdi Abadi
    Conference Papers: 2015 23rd Iranian Conference on Electrical Engineering (ICEE), 2015 October 5, Pages 631–636

    Abstract

    In recent years, web-based attacks have made up a substantial portion of all security attacks because web-based vulnerabilities are so common and so easy to exploit. To counter these attacks, many anomaly detection systems have been proposed that are able to detect both known and unknown attacks launched against web-based applications. However, most of them suffer from a large number of false alarms. In this paper, we address this problem by presenting OC-WAD, a novel approach to construct an ensemble of one-class SVM classifiers for anomaly detection in web traffic. OC-WAD uses a novel binary artificial bee colony algorithm, called BeeSnips, to prune the initial ensemble of one-class SVM classifiers and to find a near-optimal sub-ensemble.

    JSObfusDetector: A binary PSO-based one-class classifier ensemble to detect obfuscated JavaScript code

    Mehran Jodavi, Mahdi Abadi, Elham Parhizkar
    Conference Papers: 2015 International Symposium on Artificial Intelligence and Signal Processing (AISP), 2015 March 3, Pages 322–327

    Abstract

    JavaScript code obfuscation has become a major technique used by malware writers to evade static analysis techniques. Over the past years, a number of dynamic analysis techniques have been proposed to detect obfuscated malicious JavaScript code at runtime. However, because of their runtime overheads, these techniques are slow and thus not widely used in practice. On the other hand, since a large quantity of benign JavaScript code is obfuscated to protect intellectual property, it is not effective to use the intrinsic features of obfuscated JavaScript code for static analysis purposes. Therefore, we are forced to distinguish between obfuscated and non-obfuscated JavaScript code so that we can devise an efficient and effective analysis techni


    Current semester courses

    • Master's
      Security Protocols ( units)
      Faculty of Electrical and Computer Engineering, Computer Systems Architecture Group

    Previous semester courses

    • Master's
      Advanced Network Security ( units)
      Faculty of Electrical and Computer Engineering, Computer Systems Architecture Group
    • 1398
      Ahsani Samarin, Atousa
      Malware detection using an ensemble of deep convolutional classifiers
    • 1399
      Fathi, Hossein
    • 1400
      Rastegar, Taghi
    • 1400
      Mousazadeh Mousavi, Seyedeh Fatemeh
    • 1397
      Dorri, Ali
      Improving software vulnerability discovery in binary code by combining bounded symbolic execution and fuzz testing
    • 1398
      Sharafi, Masoumeh