A. Ali-Gombe

A. Ali-Gombe

Towson University

H-index: 10

North America-United States

Professor Information

University

Towson University

Position

Assistant Professor

Citations(all)

303

Citations(since 2016)

253

Cited By

131

hIndex(all)

10

hIndex(since 2016)

9

i10Index(all)

10

i10Index(since 2016)

9

Email

University Profile Page

Click to Open

Research & Interests List

Cybersecurity

Digital Forensics

Malware Analysis and Detection

Android Security and Privacy

Co-Authors

H-index: 65
Dongyan Xu

Dongyan Xu

Purdue University

H-index: 64
Xiangyu Zhang

Xiangyu Zhang

Purdue University

H-index: 33
Vassil Roussev

Vassil Roussev

University of New Orleans

H-index: 29
Golden G. Richard III

Golden G. Richard III

Louisiana State University

H-index: 28
Irfan Ahmed

Irfan Ahmed

Virginia Commonwealth University

H-index: 20
Brendan D. Saltaformaggio

Brendan D. Saltaformaggio

Georgia Institute of Technology

H-index: 19
Mingxuan Sun

Mingxuan Sun

Louisiana State University

H-index: 8
Moinul Hossain

Moinul Hossain

Towson University

H-index: 7
Rohit Bhatia

Rohit Bhatia

Purdue University

Professor FAQs

What is A. Ali-Gombe's h-index at Towson University?

The h-index of A. Ali-Gombe has been 9 since 2016 and 10 in total.

What are A. Ali-Gombe's research interests?

The research interests of A. Ali-Gombe are: Cybersecurity, Digital Forensics, Malware Analysis and Detection, Android Security and Privacy

What is A. Ali-Gombe's total number of citations?

A. Ali-Gombe has 303 citations in total.

What are the co-authors of A. Ali-Gombe?

The co-authors of A. Ali-Gombe are Dongyan Xu, Xiangyu Zhang, Vassil Roussev, Golden G. Richard III, Irfan Ahmed, Brendan D. Saltaformaggio, Mingxuan Sun, Moinul Hossain, Rohit Bhatia.

Top articles of A. Ali-Gombe

Fortifying IoT Devices: AI-Driven Intrusion Detection via Memory-Encoded Audio Signals

IoT devices have become an increasingly accessible target for evasive attacks, such as botnets, due to insecure network services, deprecated software components, unencrypted data communication, and other vulnerabilities. To address these security concerns, our work makes several significant contributions toward curating datasets and designing and developing a robust and effective Host-Based Intrusion Detection algorithm (HIDS) for IoT devices. The proposed algorithm leverages memory-based fingerprints to train a convolutional neural network (CNN) model. Our approach is based on the premise that despite the heterogeneity of IoT devices, the functionality of each IoT device is often unique and remains relatively constant throughout its lifespan. Thus, to develop an effective IDS algorithm based on anomaly detection, we encode the dynamic IoT device memory into sound wave signals, extract …

Authors

Ramyapandian Vijayakanthan,Karley M Waguespack,Irfan Ahmed,Aisha Ali-Gombe

Publish By

IEEE

Publish Date

2023/10/18

SWMAT: Mel-frequency cepstral coefficients-based memory fingerprinting for IoT devices

The increasing sophistication in computing capability and sensing technologies have continued to drive the design, development, and growth of the smart technologies commonly known as the IoTs. Nonetheless, the rise and spread of malware in this ecosystem is a pressing societal concern that requires immediate attention. In this paper, we propose a novel technique called Sound Wave Memory Analysis Technique (SWMAT), for fingerprinting IoT devices by converting their dynamic memory traces into sound wave signals using a lossless transformation function from which a unique set of determinable features called Mel Frequency Cepstral Coefficients (MFCCs) are extracted. The overarching objective of this research is to explore offline the effectiveness of using features from memory-encoded sound wave signals for fingerprinting and detecting abnormal changes in IoT devices, which potentially can provide …

Authors

Ramyapandian Vijayakanthan,Irfan Ahmed,Aisha Ali-Gombe

Journal

Computers & Security

Publish By

Elsevier Advanced Technology

Publish Date

2023/9/1

cRGB_Mem: At the intersection of memory forensics and machine learning

Mobile malware’s alarming sophistication and pervasiveness have continued to draw the attention of many cybersecurity researchers. Particularly on the Android platform, malware trojans designed to steal user PIIs, crypto miners, ransomware, and on-device fraud continue to infiltrate the primary Google store market and other secondary markets. While much effort has been put in place by the research community and industry to curb this menace since 2012, malware authors have consistently found ways to circumvent the existing detection and prevention mechanisms. Largely this remains so because of the restrictiveness of the feature set used in building the current classification models. Thus, the overarching objective of this paper is to bridge the gap between static and dynamic analysis by exploring the use of in-memory artifacts generated from the concrete execution of Android apps for effective malware …

Authors

Aisha Ali-Gombe,Sneha Sudhakaran,Ramyapandian Vijayakanthan,Golden G Richard III

Journal

Forensic Science International: Digital Investigation

Publish By

Elsevier

Publish Date

2023/7/1

A Reverse Engineering Education Needs Analysis Survey

This paper presents the results of a needs analysis survey for Reverse Engineering (RE). The need for reverse engineers in digital forensics, continues to grow as malware analysis becomes more complicated. The survey was created to investigate tools used in the cybersecurity industry, the methods for teaching RE and educational resources related to RE. Ninety-three (n=93) people responded to our 58 question survey. Participants did not respond to all survey questions as they were optional. The data showed that the majority of 24/71 (33.8%) responses either strongly agreed and 22/71 (30.99%) of responses somewhat agreed that there is a shortage in RE resources. Furthermore, a majority of 17/72 (23.61%) responses indicated that they strongly disagree and that 27/72 (37.5%) somewhat disagree to the statement that graduates are leaving college with adequate RE knowledge. When asked if there is a shortage of adequate RE candidates, the majority of 33/71 (46.48%) responses strongly agreed and 20/71 (28.17%) somewhat agreed. In order to determine if this was a result of the tools at their disposal, a series of questions in regards to the two most popular RE tools were also asked.

Authors

Charles R Barone IV,Robert Serafin,Ilya Shavrov,Ibrahim Baggili,Aisha Ali-Gombe,Golden G Richard III,Andrew Case

Journal

arXiv preprint arXiv:2212.07531

Publish Date

2022/12/14

Arabic web accessibility analysis: findings from a usability study of Arabian web developers

The importance of considering people with impairments’ needs in the early stage of web application design increases with technological advances. Human–computer interaction researchers have developed many applications and tools to improve inclusive web design and alleviate struggles related to the accessibility of the web. Recent Arabic web accessibility studies have shown that the Arabian countries are falling behind western countries in many aspects of web accessibility. One of these aspects is the lack of tools and applications that assist web developers in designing inclusive websites and web applications. The purpose of this research is to implement a web tool, a previously suggested solution, to improve Arabic web accessibility and examine the effects of using an Arabic web accessibility tool as a solution to enhance Arabic web accessibility. An Arabic web accessibility testing tool called AATT was …

Authors

Mona M Alnahari,Joyram Chakraborty,Mona Mohamed,Aisha Ali-Gombe

Journal

Human-Intelligent Systems Integration

Publish By

Springer International Publishing

Publish Date

2022/12

Sterilized Persistence Vectors (SPVs): Defense Through Deception on Windows Systems

The vicious cycle of malware attacks on infrastructures and systems has continued to escalate despite organizations’ tremendous efforts and resources in preventing and detecting known threats. One reason is that standard reactionary practices such as defense-in-depth are not as adaptive as malware development. By utilizing zero-day system vulnerabilities, malware can successfully subvert preventive measures, infect its targets, establish a persistence strategy, and continue to propagate, thus rendering defensive mechanisms ineffective. In this paper, we propose sterilized persistence vectors (SPVs)-a proactive Defense by Deception strategy for mitigating malware infections that leverages a benign rootkit to detect changes in persistence areas. Our approach generates SPVs from infection-stripped malware code and utilizes them as persistent channel blockers for new malware infections. We performed an in-depth evaluation of our approach on Windows systems versions 7 and 10 by infecting them with 1000 different malware samples after training the system with 1000 additional samples to fine-tune the learning algorithms. Our results, based on a memory analysis of pre-and post-SPV infections, indicate that the proposed approach can successfully defend systems against new infections by rendering the malicious code ineffective and inactive without persistence.

Authors

Nicholas Phillips,Aisha Ali-Gombe

Publish By

61

Publish Date

2022/11/13

User Awareness and Privacy Regarding Instant Games on Facebook

On social networking sites (SSN) such as Facebook, users tend to share information and engage with third-party applications (apps). However, how knowledgeable, and aware, are users with regard to using a third-party service or app on Facebook? That is, do users really understand what information gets accessed, collected, and how Facebook shares their data with these integrated third-party apps/services? In this paper, Instant Games (IG), which are third-party apps on Facebook, were used to evaluate the user’s understanding and awareness with respect to the following four core domains – data sharing, data collection, permission settings, and privacy policy. Findings showed that users, to a certain extent, understand that their personal information is been shared; however, they are not fully aware of the details regarding what information is being shared, accessed, and collected by the game apps …

Authors

Stacy Nicholson,Robert J Hammell,Joyram Chakraborty,Aisha Ali-Gombe

Publish By

Springer Nature Switzerland

Publish Date

2022/6/26

I Don't Know Why You Need My Data: A Case Study of Popular Social Media Privacy Policies

Data privacy, a critical human right, is gaining importance as new technologies are developed, and the old ones evolve. In mobile platforms such as Android, data privacy regulations require developers to communicate data access requests using privacy policy statements (PPS). This case study cross-examines the PPS in popular social media (SM) apps --- Facebook and Twitter --- for features of language ambiguity, sensitive data requests, and whether the statements tally with the data requests made in the Manifest file. Subsequently, we conduct a comparative analysis between the PPS of these two apps to examine trends that may constitute a threat to user data privacy.

Authors

Elizabeth Miller,Md Rashedur Rahman,Moinul Hossain,Aisha Ali-Gombe

Publish Date

2022/4/14

academic-engine

Useful Links