Publications

Journals/Book Chapters

• Irfan Ahmed, Vassil Roussev, "Analysis of Cloud Digital Evidence", In Security, Privacy, and Digital Forensics in the Cloud, L. Chen, and H. Takabi (Eds.), IGI Global, 2018.


• Irfan Ahmed, Vassil Roussev, "Peer Instruction Teaching Methodology for Cybersecurity Education", IEEE Security & Privacy, Vol. 16, No. 4, July 2018.


• Irfan Ahmed, Sebastian Obermeier, Sneha Sudhakaran, Vassil Roussev, "Programmable Logic Controller Forensics", IEEE Security & Privacy, Vol. 15, No. 6, November 2017.


• Justin Russell, Carl Weems, Irfan Ahmed, Golden G. Richard III, "Self-reported secure and insecure cyber behaviour: factor structure and associations with personality factors", Journal of Cyber Security Technology, Taylor & Francis, 2017.


• Vassil Roussev, Irfan Ahmed, Andres Barreto, Shane McCulley, Vivek Shanmughan, "Cloud Forensics - Tool Development Studies & Future Outlook", Digital Investigation, Elsevier, Vol. 18, 2016


• Irfan Ahmed, Sebastian Obermeier, Martin Naedele, Golden G. Richard III, "SCADA systems: Challenges for Forensic Investigators", IEEE Computer, Vol. 45, No. 12, December 2012.


• Irfan Ahmed, Martin Naedele, Bradley Schatz, Ryoichi Sasaki, Andrew West, "SCADA System Security", International Journal of Information Security, Springer, Vol. 11, No. 4, August 2012. (Editorial)


• Irfan Ahmed, Kyung-suk Lhee, "Classification of Packet Contents for Malware Detection", Journal in Computer Virology, Springer, Vol. 7, No. 4, pp. 279-295, October 2011.


• Irfan Ahmed, Kyung-suk Lhee, Hyunjung Shin, ManPyo Hong, "Content-based File-type Identification using Cosine Similarity and a Divide-and-Conquer approach", IETE Technical Review, Vol. 27, No. 6, pp.465-477, November 2010.

Conferences/Workshops

• Manish Bhatt, Irfan Ahmed, "Leveraging Relocations in Kernel ELF-binaries for Linux Kernel Version Identification", In the 18th Annual Digital Forensics Research Conference (DFRWS'17), July 2018, Providence, RI.
  (Acceptance rate (31.8%): 14 full-papers / 44 full-paper submissions)
  


• Saranyan Senthivel, Shrey Dhungana, Hyunguk Yoo, Irfan Ahmed, Vassil Roussev, "Denial of Engineering Operations Attacks in Industrial Control Systems", In 8^th ACM Conference on Data and Application Security and Privacy (CODASPY'18), March 2018, Tempe, AZ, USA.
  (Acceptance rate (22%): 24 regular papers / 110 submissions)
  


• Manish Bhatt, Irfan Ahmed, Zhiqiang Lin, "Using Virtual Machine Introspection for Operating Systems Security Education", In 49^th ACM Technical Symposium on Computer Science Education (SIGCSE), February 2018, Baltimore, Maryland, USA.


• Jonathan Grimm, Irfan Ahmed, Vassil Roussev, Manish Bhatt, ManPyo Hong, "Automatic Mitigation of Kernel Rootkits in Cloud Environments", In the 18^th World Conference on Information Security Applications (WISA'17), Lecture Notes in Computer Science (LNCS) Springer, August 2017, Jeju Island, South Korea


• William Johnson, Irfan Ahmed, Vassil Roussev, Cynthia B. Lee, "Peer Instruction for Digital Forensics", In USENIX Advances in Security Education Workshop (ASE'17), co-located with 26^th USENIX Security Symposium, August 2017, Vancouver, BC, Canada


• Saranyan Senthivel, Irfan Ahmed, Vassil Roussev, "SCADA Network Forensics of the PCCC Protocol", In the 17th Annual Digital Forensics Research Conference (DFRWS'17), August 2017, Austin, USA.


• Irfan Ahmed, "Supervisory Control and Data Acquisition (SCADA) Forensics: Network Traffic Analysis for Extracting a Programmable Logic Controller (PLC) System and Programming Logic Files", In the 69^th Annual Meeting of the American Academy of Forensic Sciences, February 2017, New Orleans, USA. (Extended Abstract)


• Irfan Ahmed, Vassil Roussev, William Johnson, Saranyan Senthivel, Sneha Sudhakaran, "A SCADA System Testbed for Cybersecurity and Forensic Research and Pedagogy", In the 2^nd Annual Industrial Control System Security Workshop (ICSS'16), In conjunction with 32^nd Annual Computer Security Applications Conference (ACSAC'16), December 2016, Los Angeles, CA, USA.


• William Johnson, Allison Luzader, Irfan Ahmed, Vassil Roussev, Golden G. Richard III, Cynthia B. Lee, "Development of Peer Instruction Questions for Cybersecurity Education", USENIX Advances in Security Education Workshop (ASE'16), co-located with 25^th USENIX Security Symposium, August 2016, Austin, TX


• Aisha Ali-Gombe, Golden G. Richard III, Irfan Ahmed, Vassil Roussev, "Don't Touch that Column: Portable, Fine-Grained Access Control for Android's Native Content Providers", In the 9^th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec'16), July 2016, Darmstadt, Germany.


• Vassil Roussev, Andres Barreto, Irfan Ahmed, "Forensic Acquisition of Cloud Drives", In the 12^th IFIP WG 11.9 International Conference on Digital Forensics, January 2016, New Delhi, India


• Aisha Ali-Gombe, Irfan Ahmed, Golden G. Richard III, Vassil Roussev, "OpSeq: Android Malware Fingerprinting", In the 5^th Program Protection and Reverse Engineering Workshop (PPREW'15), In conjunction with 31^st Annual Computer Security Applications Conference (ACSAC'15), December 2015, Los Angeles, CA, USA


• Irfan Ahmed, Vassil Roussev, Aisha Ali Gombe, "Robust Fingerprinting for Relocatable Code", Proceedings of the 5^th ACM Conference on Data and Application Security and Privacy (CODASPY'15), March 2015, San Antonio, TX, USA.
  (Acceptance rate (20.87%): 19 full papers / 91 submissions)


• Irfan Ahmed, Vassil Roussev, Aisha Ali Gombe, "Memory Forensics: Reliable In-Memory Code Identification Using Relocatable Pointers", Proceedings of the 67^th Annual Meeting of the American Academy of Forensic Sciences, February 2015, Orlando, FL, USA. (Extended Abstract)


• Vassil Roussev, Irfan Ahmed, Thomas Sires, "Image-Based Kernel Fingerprinting", Proceedings of the 14^th Annual Digital Forensics Research Conference (DFRWS'14) , August 2014, Denver CO, USA.
  (Acceptance rate (28.8%): 15 regular papers / 52 submissions)
  -- published by Digital Investigation Journal, Elsevier


• Irfan Ahmed, Golden G. Richard III, "Kernel Pool Monitoring to Support Malware Forensics in a Cloud Computing Environment", Proceedings of the 66^th Annual Meeting of the American Academy of Forensic Sciences , February 2014, Washington, USA. (Extended Abstract)


• Golden G. Richard III, Irfan Ahmed, "Compressed RAM and Live Forensics", Proceedings of the 66^th Annual Meeting of the American Academy of Forensic Sciences , February 2014, Washington, USA. (Extended Abstract)


• Irfan Ahmed, Golden G. Richard III, Aleksandar Zoranic, Vassil Roussev, "Integrity Checking of Function Pointers in Kernel Pools via Virtual Machine Introspection", Proceedings of the 16^th Information Security Conference (ISC'13) , November 2013, Dallas, Texas, USA.
  (Acceptance rate (23%): 16 regular papers / 70 submissions) (Best Paper Award)


• Irfan Ahmed, Golden G. Richard III, "Live Forensic Analysis of Kernel Code for Malware Detection in Cloud Computing Environments", Proceedings of the 65^th Annual Meeting of the American Academy of Forensic Sciences , pp. 154-155, February 2013, Washington, USA. (Extended Abstract) (Outstanding Research Award)


• Irfan Ahmed, Aleksandar Zoranic, Salman Javaid, Golden G. Richard III, Vassil Roussev, "Rule-based Integrity Checking of Interrupt Descriptor Table in Cloud Environments", Proceedings of the 9^th IFIP WG 11.9 International Conference on Digital Forensics , January 2013, Orlando, Florida, USA.
  -- published as a book chapter in Advances in Digital Forensics IX, Springer


• Salman Javaid, Aleksandar Zoranic, Irfan Ahmed, Golden G. Richard III, "Atomizer: Fast, Scalable and Lightweight Heap Analyzer for Virtual Machines in a Cloud Environment", Proceedings of the 6^th Layered Assurance Workshop (LAW'12), In conjunction with the 28^th Annual Computer Security Applications Conference (ACSAC'12) , December 2012, Orlando, Florida, USA.


• Irfan Ahmed, Aleksandar Zoranic, Salman Javaid, Golden G. Richard III, "ModChecker: Kernel Module Integrity Checking in the Cloud Environment" , Proceedings of the 4^th International Workshop on Security in Cloud Computing (CloudSec'12), In conjunction with the 41^st International Conference on Parallel Processing (ICPP'12), pp. 306-313, September 2012, Pittsburgh, Pennsylvania, USA.


• Eesa Al Soalmi, Colin Boyd, Andrew Clark, Irfan Ahmed, "User-Representative Feature Selection for Keystroke Dynamics" , Proceedings of the 5^th International Conference on Network and System Security (NSS' 11), pp. 229-233, September 2011, Milan, Italy.


• Nishchal Kush, Ernest Foo, Ejaz Ahmed, Irfan Ahmed, Andrew Clark, "Gap Analysis of Intrusion Detection in Smart Grids" , International Cyber Resilience Conference , pp. 38-46, August 2011, Perth, Australia. (Best Paper Award)


• Irfan Ahmed, Kyung-suk Lhee, Hyunjung Shin, ManPyo Hong, "Fast Content-based File-type Identification", Proceedings of the 7^th IFIP WG 11.9 International Conference on Digital Forensics , pp. 65-75, February 2011, Orlando, Florida, USA.
  -- published as a book chapter in Advances in Digital Forensics VII, Springer


• Irfan Ahmed, Kyung-suk Lhee, Hyunjung Shin, ManPyo Hong, "Fast File-type Identification" , Proceedings of the 25^th Annual ACM Symposium on Applied Computing, (SAC'10) , pp. 1601-1602, March 2010, Sierre, Switzerland.


• Irfan Ahmed, Kyung-suk Lhee, Hyunjung Shin, ManPyo Hong, "On Improving the Accuracy and Performance of Content-based File-type Identification" , Proceedings of the 14^th Australasian conference on information security and privacy (ACISP'09) , Lecture notes in computer science (LNCS), pp. 44-59, July 2009, Brisbane, Australia.
  (Acceptance rate (28.3%): 30 regular papers / 106 submissions)
  


• Irfan Ahmed, Kyung-suk Lhee, "Detection of Malcodes by Packet Classification" , International Workshop on Privacy and Security by means of Artificial Intelligence (PSAI'08), In conjunction with the 3^rd IEEE International Conference on Availability Reliability and Security (ARES'08), pp. 1028-1035, March 2008, Barcelona , Spain.


• Irfan Ahmed, Usman Tariq, Shoaib Mukhtar, Kyung-suk Lhee, Seung-Wha Yoo, Piao Yanji and Manpyo Hong, "Binding Update Authentication Scheme for Mobile IPv6" , Proceedings of the 3^rd IEEE International Symposium on Information Assurance and Security (IAS'07) , pp. 109-114, August 2007, Manchester, United Kingdom.
  (Acceptance rate (42.5%): 60 regular papers / 141 submissions)