Research Projects
Active Research Projects
Bug Framework
Collaborating with the National Institute of Standards and Technology (NIST) on the Bug Framework project by reviewing software weaknesses in public repositories such as CVE and defining properties of a new Input/Output bug class to make bugs descriptive for developers. NIST Bug Framework Project
Attack Surface Detection
The notion of attack surface refers to the critical points on the boundary of a software system that are accessible from outside or contain content valuable to attackers. In this study, we leverage a combination of a qualitative analysis approach, program analysis, and text mining to identify attack surface components.
Vulnerability Detection
Automatic vulnerability discovery is an effective technique for early identification of vulnerable components in software projects. In this project, we use deep learning and other machine learning techniques to propose vulnerability discovery models.
Previous Research Projects
Proposed roadmap to address challenges of Shiraz Electricity Distribution Company based on data mining
In this project, we identified the existing challenges and problems in the different departments of ShED Co. and proposed a roadmap for using data mining algorithms to solve them.
Use of Information Technology to Detect Tampered Electricity Meters
In this project, we proposed a machine learning technique based on outlier detection to detect tampered electricity meters and developed a software system based on the proposed algorithm that can be used by the company to detect tampered electricity meters.
Securing SCADA Systems
Employing secure coding guidelines in ICS is a difficult task that requires knowledge of both security and control. In this project, we made the first attempt to apply secure coding guidelines to an industrial application. We improved the security of a real-world SCADA application named OpenSCADA by leveraging security practices provided in public vulnerability repositories such as CWE.
Software Vulnerability Prediction
Software vulnerability prediction is a tedious and time-consuming task. It is not possible for development teams to review all code areas to detect software vulnerabilities. In this project, we tried to automate the vulnerability prediction process by providing data-driven vulnerability prediction models.