MSCS Research

Research on Content Provenance and Authenticity for AI Data Using Blockchain Technology

Status: Ongoing Thesis Topics

Enhancing Image Forensics: Deep Learning and Watermarking Techniques in Cyber Security

Status: Ongoing Thesis Topics

Privacy-Preserving IoT Security Gateway Using Raspberry Pi for End-User Data Protection

Status: Ongoing Thesis Topics

Next-Generation Cryptographic Techniques: Quantum-Based Security for Communication Networks

Status: Ongoing Thesis Topics

Regression Techniques in Power System Oscillation Monitoring – A Comparison Analysis in the Presence of Disturbances, Faults, and Cyber-Attacks

Status: Ongoing Thesis Topics

Machine Learning-Driven Intrusion Detection and Categorization for IoT Networks

Status: Ongoing Thesis Topics

Privacy-Preserving AI in Cybersecurity: Secure Federated Learning Approaches

Status: Ongoing Thesis Topics

A New Methodology to ensure ML Model Resilient against Poisoning Attacks

Status: Ongoing Thesis Topics

Enhancing Insurance Fraud Detection with Explainable AI Techniques

Status: Ongoing Thesis Topics

A Novel ML-Based Approach for Detecting Evasive Polymorphic Malware

Abstract:
Cybersecurity continues to be probed with an eye on how the growing diversification of polymorphic malware (PM) is propelling itself forward. One growing tendency is to migrate PM into delays in execution to avoid detection mechanisms. This research derives a PM time-sensitive behavioral model that detects polymorphic attacks before their execution of malicious behavior and improves machine learning-based malware detection. Nonetheless, current false single-model systems fail to identify time-based attack methods, resulting in excessive false negatives. The purpose of this research is to maximize detection quality with low false positives, zero false negatives, and better interpretability for cybersecurity analysts. The principal objective of the research pertains to the reliability of detecting PM that has delayed execution and distinguishing it from benign software with identical behaviors. The findings of this study highlight the effectiveness of incorporating hybrid traditional machine learning models with time-sensitive models to detect delayed-execution PM. Four models (Random Forest, XGBoost, and LSTM) were evaluated on a synthetic data set incorporating behavioral characteristics such as SleepTime, FileWrite, NetworkConn, JunkOps, and ExecutionDuration. Findings indicate that Random Forest and XGBoost achieved high accuracy (99.09% and 99.56%, respectively) with extremely low false positives. The LSTM model demonstrated good recall (99.01%), correctly capturing malware that delays execution, though at the cost of slightly higher false positives. Additional experiments revealed that early models struggled to capture delayed-execution PM, supporting the speculation that conventional behavior models are prone to misclassifying such threats because the typical monitoring window is generally shorter. However, working with synthetic time-diverse datasets significantly improved the accuracy of detections, particularly that of LSTM as well as of the ensemble detectors.
Iterative retraining with previously unidentified samples, reintroduced with re-aligned delays, also greatly increased flexibility while decreasing false negatives over time. The findings justify the proposed time-informed detection as a sustainable solution for battling PM attacks that rely on execution-delay evasion. In summary, the work suggested in this paper offers a novel detection method that incorporates synthetic dataset generation, time-sensitive machine learning algorithms, and iterative learning to improve PM detection. The results highlight the importance of behavioral and temporal analysis in cybersecurity, offering an extensible model for evasive malware technique prediction and prevention.
Author: Nouf Ali Humaid Alsuwaidi
Advisors:
  • Dr. Claude Fachkha
  • Dr. Hussam Al Hammadi
Program: Master of Science in Cyber Security
Status: Completed Thesis Topics

Detection of Phishing URL Using Binary-Based Linear Discriminant Analysis for Critical Entities

Abstract:
This study looks into machine learning techniques for phishing URL detection, paying special attention to Linear Discriminant Analysis (LDA). The research focuses on the effectiveness of LDA in classifying phishing URLs by using class separability to transform high-dimensional data into a lower-dimensional space. LDA is a suitable close competitor to other models in terms of accuracy and the computational efficiency required for real-time phishing detection. The methodology involves collecting a dataset of legitimate and phishing URLs, extracting relevant features, and applying LDA for classification. While the findings indicate that LDA is advantageous, several limitations also emerged, most notably its reliance on linear separability and presumed covariance structure assumptions, which may affect its operation against complex phishing techniques. The study calls for further improvement in the experimental methodology for phishing detection strategies, proposing the integration of LDA with ensemble learning techniques. This research contributes to the growing body of knowledge that refines LDA’s assumptions and embeds dynamic learning capabilities to enhance detection accuracy and resilience to changing cyber threats.

Author: Nouf Abdulrahim Alharmoodi
Advisors:
  • Dr. Claude Fachkha
  • Dr. Hussam Al Hammadi
Program: Master of Science in Cyber Security
Status: Completed Thesis Topics

A Standardized Digital Forensic Framework for Commercial Drone Investigations: Implementation and Case Analysis

Abstract:
Commercial drones are becoming increasingly popular because of their affordability and security features. The study aims to create a digital forensics framework tailored explicitly for commercial drones. Developing a digital forensics framework for commercial drones that ensures the integrity of the evidence is the primary focus in accomplishing this goal. This led to an investigation of previous studies in the literature, which facilitated the identification of seven digital forensic frameworks appropriate for commercial drones. These digital forensic investigation frameworks for commercial drones include the following: the Unified Forensic Investigation Model, the Drone Forensics Framework to Examine Flight Log Examination, UAV Architecture, the CCAFM model, the UPASITA Drone Forensic Framework, the Drone Forensics Framework to Detect Flight Abnormality, and the Best Practices Framework for Drone Forensics (SWGDE) model. These illustrate how frameworks are crafted to tackle specific elements. The study compared these seven frameworks and addressed the gaps by proposing a framework that focused on various key aspects of digital forensics. The proposed framework follows a qualitative case study methodology based on applied research principles applied in the 22 cases. The findings confirm the proposed framework is practical and handles the gaps in the existing literature, and it is known for its practicality and integrity.
Author: Rashid Abdulla Khalifa Al-Fuqaei Al-Ali
Advisors:
  • Dr. Hussam Al Hammadi
  • Dr. Claude Fachkha
  • Dr. Wathiq Mansoor
  • Dr. Ibtesam Al Awadhi, Dubai Police Academy
Program: Master of Science in Cyber Security
Status: Completed Thesis Topics

Lightweight Steganalysis System with EfficientNet-B2 for Hidden Data Detection

Abstract:
This thesis covers the application of the EfficientNet family of machine learning models in a blind steganalysis system to detect hidden information within digital images and classify whether they are clean or steganographic, maintaining a strong balance between accuracy and computational efficiency.

The scope of the project utilizes the ALASKA 02 dataset which is obtained from Kaggle’s website. The dataset consists of 300,000 images segmented into 4 categories which are Cover, JMiPOD, JUNIWARD, and UERD.

Using the EfficientNet-B2 architecture, our program was able to achieve peak accuracy of 91.2%, surpassing expectations and scores of similar models. The proposed and implemented methodology employs a comprehensive data preprocessing and augmentation structure. Group k folding, label smoothing, and dynamic learning rate scheduling were utilized to facilitate robustness and generalization against unseen testing data.

The results showcase the model’s effectiveness in successfully detecting hidden information and classifying it based on the steganographic algorithm used. While the system has achieved a considerably high accuracy rate, many limitations and issues were faced throughout the project’s lifecycle. These include hardware constraints and the scarcity of available training datasets. However, these also spark ideas to be implemented in future work and solve these issues by leveraging more complex machine learning algorithms and more diverse datasets.

By providing a scalable solution with applications in fields such as digital forensics, large-corporation cybersecurity, and content authentication, this thesis highlights the potential and importance of utilizing machine learning models in blind steganalysis.

Author: Abdulkarim Rashed Abdulkarim Ghulam Ali
Advisors:
  • Dr. Saad A Amin
  • Dr. Hussam Al Hammadi
Program: Master of Science in Cyber Security
Status: Completed Thesis Topics

Machine learning Model for Cyber Security Attack Detection in Smart Grid Networks

Abstract:
This study explores the use of supervised learning techniques in machine learning methods to identify cyberattacks in smart grid infrastructure. As smart grids become more dependent on interconnected technologies, they also become more vulnerable to cybersecurity threats. In response to this threat, the research compares an array of machine learning algorithms with the aim of finding effective models for classifying malicious activities within the grid context. A comparison of literature offers a basis for choosing applicable models and their uses in cybersecurity. The algorithms reviewed are Extra Trees, XGBoost, Random Forest, Bagging Classifier, Logistic Regression, Decision Tree, and K-Nearest Neighbors (KNN). Also, deep learning models such as Multi-Layer Perceptron (MLP) and Long Short-Term Memory (LSTM) networks are used because of their ability to identify intricate patterns in data and temporal relationships. Model performance is measured by usual metrics: accuracy, precision, recall, F1 score, and confusion matrix. Among all the models, the Extra Trees Classifier showed the best performance, with 98% accuracy, 0.98 precision, 0.99 recall, and an F1 score of 0.99. The Random Forest had a close run with 97% accuracy. XGBoost and Bagging Classifier both got 96% accuracy with negligible variations in other measures. Logistic Regression performed worse overall, with 78% accuracy while having a very high recall of 0.94. Decision Tree and KNN had accuracies of 93% and 92%, respectively, but resulted in more misclassifications than ensemble algorithms. Deep learning methods improved consistently with training epochs; the optimal MLP model reached a precision and recall of 91.88%, and LSTM reached 93.83%. Yet, none outperformed the best performing tree-based classifiers. 
These results underscore the potency of ensemble learning approaches in smart grid cyber defense and point toward prioritizing future investigation of real-time detection strategies, including an examination of the applicability of federated learning for privacy-concerned decentralized solutions.
Author: Hamad Al Marzooqi
Advisors:
  • Dr. Hussam Al Hammadi
  • Dr. Ghulam Amjad Hussain
  • Dr. Mohammad Kamural Hasan, UKM, Malaysia
Program: Master of Science in Cyber Security
Status: Completed Thesis Topics

Analyzing the Evolution of the Phishing Threat Landscape using LLM Technique

Abstract:
This work develops an AI cybersecurity system that merges Retrieval-Augmented Generation (RAG) technology with a fine-tuned BERT model to solve present-day cybersecurity problems that include user query management and phishing attack analysis. A combination of discriminative and generative AI methods enables the system to provide detailed threat awareness together with precise threat identification.

The BERT-based phishing analysis module functions as an advanced security barrier to identify phishing threats present in emails, URLs and SMS messages with high accuracy. Users receive warning alerts through this system to make immediate prevention possible. Operating alongside it, the RAG-based chatbot provides users with context-specific information through real-time assistance along with dynamic statistical analyses about cybersecurity development.

This two-part architecture design provides a powerful combination of defense capabilities because BERT delivers accurate threat analysis from data while RAG creates valuable real-time feedback for users through its informative system. The system operates as a strong instrument for contemporary Security Operations Centers (SOCs) and threat monitoring setups through its combined functionality. The project methodology followed three structured phases of operation. The initial phase concentrated on data acquisition and preparation where data was obtained from repositories PhishTank, OpenPhish and Hugging Face. The analysis incorporated 18,000 emails with 5,971 SMS messages and 800,000 URLs and 80,000 website entries. The system used PyPDF2 and BeautifulSoup to parse PDFs and HTML followed by LangChain text chunking and OpenAI and Hugging Face models for dense vector embedding conversion of content before storage in FAISS. The vectors were placed into a FAISS database to enable quick semantic searches.

The RAG pipeline operated during system architecture by obtaining document fragments from FAISS and producing responses using GPT-3.5 Turbo with BERT-based threat analysis integration. The BERT model (`bert-base-uncased`) received 15,756 balanced samples to develop its capacity to differentiate between phishing and benign inputs. The model performance received enhancements through applied feature engineering methods which included URL-based attributes in addition to NLP preprocessing.

Evaluation results demonstrated strong performance. The RAG module showed strong context precision at 0.83 yet its answer relevancy scored 0.66 alongside low factual accuracy that resulted in a faithfulness score of 0.14. The exceptional performance of the BERT model showed 94.2% accuracy together with 93.7% precision, 92.5% recall and 93.1% F1-score, indicating very few mistaken classifications.

Author: Abdelrahman Ahmed AlAli
Advisors:
  • Dr. Hussam Al Hammadi
  • Dr. Claudio Ardagna, University of Milan, Italy
Program: Master of Science in Cyber Security
Status: Completed Thesis Topics

Quantum Computing for Fake Review Detection: Enhanced Machine Learning Approach

Abstract:
This study addresses the problem of fake reviews on e-commerce platforms using a hybrid quantum-classical machine learning approach. Classical models (SVM, KNN, NB, RF, LR) were first implemented for baseline comparison. Quantum models using Amplitude Embedding and entanglement-based circuits were then proposed and combined with classical models to form a hybrid model. A meta-classifier and feature fusion strategy were also introduced to enhance performance. The hybrid models, particularly QKNN and NB + QNB, achieved 100% accuracy. Explainable AI techniques were used to interpret predictions, highlighting key linguistic features. The results demonstrate the potential of hybrid QML models in improving both accuracy and interpretability in fake review detection.

Author: Omar Mohammed Al Blooshi
Advisors:
  • Dr. Alavikunhu Panthakkan
  • Dr. Hussam Al Hammadi
Program: Master of Science in Cyber Security
Status: Completed Thesis Topics

Malware Analysis Framework for Android Smartwatch Forensics

Abstract:
Nowadays, people wear Android-based smartwatches frequently in their daily life, not only for health and fitness tracking but also for communication, navigation, payments, etc. But as more things get connected, more and more security loopholes are exposed. Due to their small size, low processing power, and constant syncing with our smartphones and cloud accounts, these devices are easy to get infected with malware but hard to extract data and investigate.

This thesis examines the rising demand for cybersecurity of Android smartwatches and how pre-forensics can be enhanced to tackle malware problems. After reviewing previous research, real-world cyber incidents, and current forensic limitations, this study proposed a framework that takes into account the structure of these wearable devices and their limitations. Moreover, the framework describes the steps to observe the smartwatch, identify malware indicators, define forensics acquisition strategies, and document the findings to assist pre-digital forensics investigations in detail without tampering with the evidence.

The work is not done via live technical analysis. Rather, it assesses certain documented cases, research papers, industrial trends, etc. To begin with, there are no dedicated tools and procedures for malware investigations on smartwatches. That is why the study aims to develop a structured, scalable, and real-time pre-forensics model that can be used in the field and expanded in future technical applications.

Author: Asma Ahmad Almualem
Advisors:
  • Dr. Hussam Al Hammadi
  • Dr. Ahmad Al Marzooqi - Dubai Police
Program: Master of Science in Cyber Security
Status: Completed Thesis Topics

Enhancing Suspicious Money Transactions Detection Using Advanced Machine Learning Techniques

Abstract:

Financial security, together with fraud prevention, heavily relies on the ability to identify suspicious money transactions. An investigation of machine learning methodologies aims to develop more accurate as well as efficient fraud detection solutions. Multiple traditional and deep learning models such as Random Forest, Gradient Boosting, AdaBoost, Logistic Regression, Decision Tree, Support Vector Machine (SVC), Gaussian Naïve Bayes, K-Nearest Neighbors (KNN), Recurrent Neural Networks (RNN), Long Short-Term Memory (LSTM) and BERT underwent evaluation using accuracy, cross-validation accuracy, precision, recall and F1-score performance metrics.

Random Forest emerges as the optimal model for structured transaction data analysis because it delivers both high accuracy of 99.94% and efficient computation. BERT demonstrated superior text-based fraud detection because it achieved an accuracy rate of 99.97%. The RNN and LSTM proliferation models demonstrated sequential data analysis ability, yet failed to obtain better risk detection results than basic classifiers. The research demonstrates that blending Random Forest with BERT creates an optimal system for combined structured and unstructured analysis of financial fraud.

Financial security improvements can be reached through integrating advanced machine learning models into fraud detection frameworks, according to these research results. Future investigations should concentrate on improving hybrid systems performance for live financial operations and finding methods to improve their scalability across extensive financial systems.

Author: Ahmed Al Taheri
Advisors:
  • Dr. Hussam Al Hammadi
  • Dr. Mohamed Chakib Kolsi
  • Dr. Ibtisam Mohammed Al Awadhi – Dubai Police Academy
Program: Master of Science in Cyber Security
Status: Completed Thesis Topics

Pioneering cutting-edge research and technological advancements to lay the foundational groundwork for a secure and resilient digital landscape of the future hyper-connected society.

© 2025  University of Dubai
