J. Haadi Jafarian Assistant Professor Dept. of Computer Science and Engineering University of Colorado Denver 704-408-3264 haadi.jafarian@ucdenver.edu EDUCATION Ph.D. 2017 University of North Carolina at Charlotte. Software and Information Systems. M.Sc. 2008 Sharif University of Technology. Information Technology. B.Sc. 2005 University of Tehran. Software Engineering. RESEARCH INTEREST/BACKGROUND My research interest lies in a spectrum of topics in security and privacy, including but not limited to active cyber defense, security analytics and automation, big data analytics for security and privacy, and securing critical infrastructures including cyber-physical systems, and Internet-of-Things. My Ph.D. research focuses on proposing two novel classes of active cyber defense against advanced and persistent network threats (APT) and sophisticated DDoS attacks, namely Cyber Agility (Moving Target Defense), and Active Cyber Deception. My Master s research includes topics in access control for pervasive and IoT environments, location privacy, and host-based intrusion detection. My industrial research background includes practical areas in network security (e.g. network telescopes, DNS sinkholes), malware analysis, database security, incident response, and Web security. PUBLICATIONS Citation Indices No. of citations: 366, h-index = 7, i10-index = 5 Active Cyber Defense [Ph.D. Research] J. Haadi Jafarian, A. Niakanlahiji, E. Al-Shaer, Q. Duan, Multi-dimensional Host Identity Anonymization for Defeating Skilled Attackers, 3rd ACM Workshop on Moving Target Defense, CCS 2016. Keywords - MTD, Deception, honeypot, honeynet, reconnaissance, data Anonymization J. Haadi Jafarian, E. Al-Shaer, Qi Duan, An Effective Address Mutation Approach for Disrupting Reconnaissance Attacks, IEEE Transactions on Information Forensics and Security, Vol. 10, No. 12, 2015. Keywords - attack characterization, MTD, worm propagation, hypothesis testing, advanced persistent threat (APT), software-defined networking (SDN), Satisfiability Modulo Theories (SMT) 1
J. Haadi Jafarian, E. Al-Shaer and Qi Duan, Adversary-aware IP Address Randomization for Proactive Agility against Sophisticated Attackers, INFOCOM 2015. Keywords - adversary attribution, MTD, address mutation, worm propagation, hypothesis testing J. Haadi Jafarian, E. Al-Shaer and Qi Duan, Spatiotemporal Address Mutation for Proactive Cyber Agility against Sophisticated Attackers, ACM Workshop on Moving Target Defense, CCS 2014. Keywords - MTD, address mutation, worm propagation, spatial mutation, lateral movement modeling, graph theory E. Al-Shaer, Qi Duan and J. Haadi Jafarian, Random Host Mutation for Moving Target Defense, SECURECOMM, 2012. Keywords - MTD, IP mutation, Satisfiability Modulo Theories (SMT), worm propagation modeling J. Haadi Jafarian, E. Al-Shaer and Qi Duan, OpenFlow Random Host Mutation: Transparent Moving Target Defense using Software Defined Networking, ACM HotSDN, 2012. No. of citations: 200+ Keywords - MTD, IP mutation, SMT, Software-defined networking (SDN), OpenFlow DDoS Mitigation [Ph.D. Research] Qi Duan, E. Al-Shaer and J. Haadi Jafarian, Efficient Random Route Mutation Considering Flow and Network Constraints, IEEE CNS, 2013. Keywords - Route mutation, DDoS mitigation, Game Theory, SDN J. Haadi Jafarian, E. Al-Shaer and Qi Duan, Formal Approach for Route Agility against Persistent Attackers, ESORICS, 2013. Keywords - Route mutation, DDoS mitigation, SDN Qi Duan, J. Haadi Jafarian, E. Al-Shaer and J. Xu, On DDoS Attack Related Minimum Cut Problems, arxiv:1412.3359, 2014. Keywords - minimum cut problem, DDoS, network inhibition problem Access Control J. Haadi Jafarian, H. Takabi, H. Touati, E. Hesamifard, M. Shehab, Towards a General Framework for Optimal Role Mining: A Constraint Satisfaction Approach, SACMAT 2015. Keywords - role mining, role-based access control (RBAC), Satisfiability Modulo Theories (SMT) J. Haadi Jafarian, M. Amini, CAMAC: A Context-Aware Mandatory Access Control Model, ISeCure journal, Vol.1, No. 1, 2009. Keywords - mandatory access control (MAC), context-aware systems, Internet-of-Things (Pervasive) environments A. Noorollahi, J. Haadi Jafarian, M. Amini, R. Jalili, GTHBAC: A Generalized Temporal History-based Access Control Model, Telecommunication Systems, Volume 45, Issue 2-3, pp 111-125, 2010. Keywords - semantic-based access control, temporal logic J. Haadi Jafarian, M. Amini, R. Jalili, A Context-Aware Mandatory Access Control Model for Multilevel Security Environments, SafeComp, 2008. Keywords - mandatory access control (MAC), multi-level environments, context-aware systems A. Noorollahi, M. Amini, R. Jalili, J. Haadi Jafarian, A History-Based Semantic Aware Access Control Model Using Logical Time Approach, IDCS, 2008. Keywords - semantic-based access control, temporal logic, logical time 2
J. Haadi Jafarian, M. Amini, R. Jalili, A dynamic mandatory access control model, Advances in Computer Science and Engineering, Springer, 2008. Keywords - mandatory access control (MAC), context-aware systems, Internet-of-Things (Pervasive) environments Privacy J. Haadi Jafarian, A Vagueness-based Obfuscation Technique for Protecting Location Privacy, PASSAT, 2010. Keywords - location privacy, spatial obfuscation, reliability, mobile networks J. Haadi Jafarian, A. Noorollahi, M. Amini, R. Jalili, Protecting Location Privacy through a Graphbased Location Representation and a Robust Obfuscation Technique, ICISC, 2008. Keywords - location privacy, spatial obfuscation, reliability, graph theory, distributed systems Intrusion Detection J. Haadi Jafarian, A. Abbasi, S. Safaei, A Gray-Box DPDA-Based Intrusion Detection Technique Using System-Call Monitoring, CEAS, 2011. Keywords - host-based intrusion detection, system call monitoring, pushdown automata (PDA) THESIS Ph.D. Thesis, Cyber Agility for Attack Deterrence and Deception, under supervision of Dr. Ehab-Al- Shaer, UNC Charlotte, 2017. M.Sc. Thesis, A Context-aware Information Flow Control Model, Sharif University of Technology, 2008. B.Sc. Thesis, An Efficient Multi-layer Architecture for Web Applications, University of Tehran, 2005. TEACHING University of Colorado Denver Teaching, CSCI 4800: Web Application Development, fall 2017 University of North Carolina at Charlotte Teaching, ITIS 4166 Network Based Application Development, fall 2015 TA, ITIS 6230/8230 Information Infrastructure Protection, fall 2012, spring 2014, spring 2015 TA, GRAD 6010/8010 Academic Writing for Graduate Students, spring 2016, fall 2016 TA, ITIS 6167/8161 Network and Information Security, spring 2013, spring 2014, fall 2014 TA, ITIS 3200 Introduction to Information Security and Privacy, fall 2013 Sharif University of Technology, Iran TA, Database security, spring 2008, spring 2009 TA, Advanced operating systems, fall 2008 3
AWARDS AND HONORS 2017 Recognized as Most Successful Iranian Student at UNCC, faculty committee. 2017 RSA Security Scholar, RSA Conference Security Scholar Program. ~2000$ award. 2016-17 Center for Graduate Life at UNC Charlotte, Doctoral Writing Fellowship. 8000$ 2011-16 Graduate Assistantship Support Plan, Tuition scholarship. $100,000. 2005 Ranked 12 among 17000+ in national entrance exam for Master s studies in IT 2000 Ranked 570 among 100,000+ in national entrance exam for undergraduate studies ACADEMIC SERVICE Reviewer 2011-17 IEEE INFOCOM 2013-14 JNSM 2017 IEEE Access 2014 HotSOS 2017 ICDCS 2014 TNSM 2014,16 CNSM 2013 IEEE IM 2013-17 CNS 2012 NOMS 2014-15 CCS 2012 NDSS 2015 ACM MTD Workshop Executive Committee Member 2009-11 ISeCure Journal 4
Word Cloud of Research Publications 5