Bahman Rashidi

 Selected Projects

	Project:  Applying machine learning (Support Vector Machines) and online learning to mobile privacy Collaborators:   Carol Fung (VCU), Elisa Bertino (Purdue University) Applied tools:  Python, scikit-learn, Machine Learning, SVM and Statistical Analysis Status:  Completed Description:  Developing a tool to classify malware using machine learning. more details In this project, we designed and developed an Android malicious application detection framework using the Support Vector Machine (SVM) and Active Learning technologies. In our project, we extracted applications' activities while in execution and map them into a feature set, we then attach timestamps to some features in the set. Our novel use of time-dependent behavior tracking can significantly improve the malware detection accuracy. In particular, we built an active learning model using Expected error reduction query strategy to integrate new informative instances of Android malware and retrain the model to be able to do adaptive online learning. We evaluated our model through a set of experiments on the DREBIN benchmark malware dataset. Our evaluation results showed that the proposed approach can accurately detect malicious applications and improve updatability against new malware samples.
	Project:  XDroid Collaborators:   Carol Fung (VCU), Elisa Bertino (Purdue University) Applied tools:  Python, Android, MATLAB, Machine Learning, SVM, Statistical Analysis and Batch prog. Status:  Completed Description:   Developing a tool to assess the risk of mobile apps using statistical learning. more details In this project, we designed and developed XDroid, an Android application and resource risk assessment framework using Hidden Markov Model (HMM), Online Learning and Statistical Analysis technologies. In our project, we first mapped applications' behaviors into an observation set, and we attached timestamps to some observations in the set. Our novel use of temporal behavior tracking significantly improved the detection/classification accuracy, and that the HMM generated risk alerts when suspicious behaviors are detected. Furthermore, we introduce an online learning model to integrate the input from users and provide adaptive risk assessment. We evaluated our model through a set of experiments on the DREBIN benchmark malware dataset. Our evaluation results demonstrated that the proposed model can accurately assess the risk levels of malicious applications and provide adaptive risk assessment based on user input.
	Project:  DroidNet Collaborators:  Carol Fung (VCU), Tam Vu and Anh Nhuyen (UC Boulder) and Elisa Bertino (Purdue Univ.) Applied tools:  Android, Java, Python, PHP, MySQL and MATLAB Status:  Completed Description:   Developing a framework on Android OS to manage resource permissions. more details In this project, we designed and developed a framework to assist the technically incapable smartphone users to make correct decisions on granting permissions to mobile applications. We developed DroidNet, an Android permission control framework based on crowdsourcing. At its core, DroidNet runs new apps under probation mode without granting their permission requests up-front. It provides recommendations on whether to accept or reject the permission requests based on decisions from peer expert users. To seek expert users, we propose an expertise ranking algorithm using a transitional Bayesian inference model. The recommendation is based on the aggregated expert responses and its confidence level. Our real user experimental results demonstrate that DroidNet provides accurate recommendations and cover the majority of app requests given a small coverage from a small set of initial experts.
	Project:  BotTracer Collaborators:   Carol Fung (VCU) Applied tools:  Python, Java, Machine Learning, Clustering. Status:  Completed Description:   Design and development of a clustering-based bot detection model. more details In this project, we designed and developed a clustering-based method called BotTracer to find groups of bot users controlled by the same masters, which can be used to detect bot users with high reputation scores. The key part of the this project is to map the users into a graph based on their similarity and apply a clustering algorithm to group users together. We evaluated our method using a set of simulated users' profiles, including malicious users and regular ones. Our experimental results demonstrated high accuracy in terms of detecting malicious users.
	Project:  Applying Game Theory to malicious user detection Collaborators:   Carol Fung (VCU) Applied tools & techs.:  Java, MATLAB, Python. Status:  Completed Description:   Designing a game-theoretical model to disincentivize malicious users. more details In this project, we investigated the problem of misleading recommender systems by malicious users and designed a game-theoretical model to using a static Bayesian game-theoretical formulation. In the game, both players choose the best response strategy to minimize their loss in the interactions. We analyzed the game model and found both pure strategy Nash equilibrium and mixed strategy Nash equilibrium under different scenarios.
	Project:  DroidVisor Collaborators:   Pulkit Rustgi (VCU), Carol Fung (VCU), Bridget McInnes (VCU) Applied tools & techs.:  Java, NLP, MALLET, LDA and Lesk. Status:  Completed Description:   Using NLP to develop an Android secure application recommendation system. more details In this project, we developed DroidVisor, an Android tool that provides users with fine-grained and customizable application recommendations. Compared to the Google store recommendation function, DroidVisor does not only use the similarity to a preselected target application, but also considers other metrics such as popularity, security, and usability. More specifically, DroidVisor provides an interface for users to configure the weight of each metric and a recommendation algorithm that generates a list of recommended applications based on the combined scores. We evaluated our proposed criteria and the quality of recommendation through usecase studies.
	Project:  CoFence Collaborators:   Carol Fung (VCU), Elisa Bertino (Purdue University) Applied tools:  Python, Java, MATLAB Status:  Completed Description:   Designing a collaborative NFV-based framework to protect network domains. more details In this project, we designed a DDoS defense mechanism named CoFence which facilitates a "domain-helps-domain" collaboration network among NFV-based domain networks. CoFence allows domain networks to help each other in handling large volume of DDoS attacks through resource sharing. Specifically, we designed a dynamic resource allocation mechanism for domains so that the resource allocation is fair, efficient, and incentive-compatible. The resource sharing mechanism is modeled as a multi-leader-follower Stackelberg game. In this game all domains have a degree of control to maximize their own utility. The resource supplier domains determine the amount of resource to each requesting peer based on optimizing a reciprocal-based utility function. On the other hand, the resource requesting domains decide the level of demand to send to the resource supplier domains in order to reach sufficient support. Our experimental results demonstrated that the designed resource allocation game is effective, incentive compatible, fair, and reciprocal under its Nash Equilibrium.

 Open-source Projects

Project:  DroidCat Dataset Collaborators:   Pulkit Rustgi (VCU), Carol Fung (VCU), Bridget McInnes (VCU) Applied tools:  Batch programming, Python and Java Status:  Completed Description:   Generating a dataset of Android malware/benign apps' activities logs. more details The dataset contains 950 Android application logs from different malware categories. Applications are instrumented by human (real human-interaction) using DroidCat Logger tool so the behavior logs highly assemble real world executing of Android apps. The dataset contains 440 malicious and 508 benign (normal) app logs. The logs have been captured for XDroid project.

Project:  DroidCat Logger Collaborators:   Pulkit Rustgi (VCU), Carol Fung (VCU), Bridget McInnes (VCU) Applied tools:  Batch programming, Android, Python and Java Status:  Completed Description:   Developing a tool to instrument mobile apps through real-human interaction. more details DroidCat logger is a software package developed to instrument Android applications and capture their log activities. The main merit of DroidCat is that it can instrument apps through real human-interaction, so we can get behavior logs which highly assemble real world executing of Android apps. DroidCat Logger has been developed for XDroid project.

 Projects to be Commercialized

Project:  RecDroid Collaborators:   Carol Fung (VCU) Applied tools:  Android, Java, Python, PHP, MySQL and MATLAB Sponser:  VCU Innovation Office Status:  Completed Description:   Developing of a framework to manage mobile apps' resource permissions. more details In this project, we designed and developed a framework to assist the technically incapable smartphone users to make correct decisions on granting permissions to mobile applications. We developed RecDroid, an Android permission control framework based on crowdsourcing. At its core, DroidNet runs new apps under probation mode without granting their permission requests up-front. It provides recommendations on whether to accept or reject the permission requests based on decisions from peer expert users. To seek expert users, we propose an expertise ranking algorithm using a transitional Bayesian inference model. The recommendation is based on the aggregated expert responses and its confidence level. Our real user experimental results demonstrate that DroidNet provides accurate recommendations and cover the majority of app requests given a small coverage from a small set of initial experts.