Output list
Journal article
A Simulated Study of IoT ALPs Over Legacy TCP/UDP Versus QUIC and SCTP for V2I Communications
Published 2025
IEEE Transactions on Intelligent Transportation Systems, Early Access
Vehicle-to-infrastructure (V2I) communication, a subset of Vehicle-to-everything (V2X), plays a critical role in enhancing road safety and traffic efficiency. While DSRC and C-V2X technologies have standardised physical layer communication, the upper layers remain flexible and open to diverse implementations. Existing IoT application layer protocols (ALPs), built on legacy TCP and UDP transport protocols, may exhibit suboptimal performance in dynamic V2I environments. This study evaluates six ALPs, i.e., AMQP, CoAP, DDS, MQTT, WebSocket (WS), and XMPP, across twenty protocol combinations, including modern QUIC and SCTP transport protocols. Using a simulation framework that integrates Omnet++, SUMO, Veins, and OpenStreetMap data, we assess key performance metrics: latency, packet delivery ratio, throughput, inter-arrival time, and connection establishment time. Our results indicate that while most protocol combinations perform adequately under low node densities (e.g., fewer than 100 nodes), network congestion leads to performance degradation. Nevertheless, CoAP over QUIC/UDP and WS over QUIC emerge as promising candidates for disseminating awareness messages across diverse V2I communication scenarios within the context and test limits.
Journal article
A taxonomy proposal of information assurance and data quality solutions in smart cities
Published 2025
Franklin Open, 13, 100436
The concept of smart cities continues to gain traction as urban and rural areas increasingly adopt Internet-of-things (IoT), sensors and smart devices, generating vast amounts of data. However, the collection, processing, and transmission of this big data introduce multi-dimensional challenges, intensifying the need for robust Information Assurance (IA) and Data Quality (DQ) solutions. Researchers have proposed various methodologies to address these challenges, including encryption techniques (e.g., homomorphic and lightweight encryption, cryptographic methods), deep learning models (e.g., LSTM), tree-based machine learning algorithms, government regulations (e.g., GDPR, ePrivacy Directive), blockchain-based integrity frameworks, and cloud-centric security and DQ architectures. This study iteratively classifies these methodologies. While researchers and experts have employed these methodologies and solutions to address IA/DQ challenges, our survey reveals a critical gap. There is a lack of holistic strategies for integrating IA and DQ in smart cities, particularly in big data and IoT use cases. Unlike prior surveys, this paper provides a novel IA/DQ-centric perspective, highlighting unresolved challenges such as governing standards for real-time data and DQ policy. As such, we provide a guide for future research toward developing a cohesive end-to-end assurance framework for smart cities.
Conference proceeding
Ransomware Encryption Detection: Adaptive File System Analysis Against Evasive Encryption Tactics
Published 2025
Information Security and Privacy, 399 - 414
30th Australasian Conference on Information Security and Privacy (ACISP 2025), 14/07/2025–16/07/2025, Wollongong, Australia
In the rapidly evolving field of cybersecurity, ransomware poses an escalating threat; adversaries employ advanced encryption techniques to render critical data inaccessible and evade traditional defenses. Specifically, ransomware developers utilize intricate strategies that undermine heuristic file monitoring and file system attribute analysis, rendering current detection methods ineffective against such attacks. This study tests and analyzes the performance of models that focus on the file system level. The goal is to improve detection by using statistically measurable attributes that are specific to the file system. For instance, statistically measurable data can be derived from the blocks of the write buffer transmitted from endpoints to storage servers. We investigate the effectiveness of various machine learning classifiers in detecting encryption activities at the storage level, using a substantial dataset of 32.6 GB comprising 11,928 files encrypted by 75 ransomware families. We integrate novel statistical components to augment the system’s ability to detect encryption, notwithstanding the adaptive tactics of ransomware that reduce entropy measures and alter call frequencies to evade classification. Our in-depth study looks at these classifiers in the context of ransomware that uses partial and intermittent encryption and online learning methods to make them more flexible in a threat environment that changes quickly. In benchmark tests, the Hoeffding Tree algorithm consistently performs well. It works especially well against types of ransomware that use intermittent encryption methods.
Journal article
Published 2025
Internet of things (Amsterdam. Online), 33, 101728
Botnets represent a significant and evolving cybersecurity threat, leveraging networks of compromised devices for various malicious activities, including data exfiltration (e.g., Truebot malware), credential theft, and distributed denial-of-service (DDoS) attacks. Their increasing sophistication includes advanced evasion techniques such as domain generation algorithms (DGAs), encrypted command-and-control (C&C) channels, and peer-to-peer (P2P) architectures. These innovations pose substantial challenges to conventional detection systems. Existing surveys typically examine isolated detection methodologies or specific datasets, failing to address comprehensively the broader landscape, especially regarding adversarial manipulation of machine learning (ML) and artificial intelligence (AI) feature sets. To address this critical gap, this survey introduces the first systematic adversarial-aware analysis of botnet detection strategies. It specifically evaluates how adversaries exploit ML/AI feature manipulation, such as through noise injection and feature perturbation, to evade detection, a perspective that has not been quantitatively addressed in prior literature. A core contribution is our explicit benchmarking of detection model robustness across four quantitative metrics, faithfulness, monotonicity, sensitivity, and complexity, providing novel insights into the resilience of state-of-the-art models under adversarial conditions. Additionally, we highlight persistent practical challenges including limited dataset diversity and dependence on high-quality labeled data, and propose potential mitigation approaches such as synthetic data generation, federated and semi-supervised learning, and lightweight detection architectures tailored for resource-constrained IoT deployments.
Finally, we outline key future research directions emphasizing standardized robustness evaluation frameworks, explainable AI to enhance interpretability and trust, and privacy-preserving collaborative data-sharing mechanisms. By integrating this adversarial-aware perspective with a comprehensive and practical evaluation framework, this work contributes to the field’s understanding of botnet detection and supports the design of more robust and resilient cybersecurity solutions through insights relevant to both researchers and practitioners.
Book chapter
A Lightweight Detection of Sequential Patterns in File System Events During Ransomware Attacks
Published 2025
Web Information Systems Engineering – WISE 2024, 204 - 215
Ransomware poses a major threat by encrypting files and demanding ransom for decryption. This paper introduces a lightweight hybrid model for detecting ransomware by analyzing file system events. By combining XGBoost and Long Short-Term Memory (LSTM) networks, the approach identifies and predicts malicious behaviors with high accuracy and low computational cost. A File System Monitor Watchdog was developed to track file activities, collecting a dataset from 20 ransomware families. XGBoost is used for initial pattern detection, and LSTM networks for sequential analysis. The model achieved 97.12% detection accuracy, outperforming traditional methods in accuracy and efficiency, while reducing computational costs.
Book chapter
Published 2024
Advances in Information and Computer Security, 213 - 233
This study introduces the Digital Immunity Module (DIM), a novel pass-through file system gateway, positioned strategically between storage and endpoints to enhance the security of files accessed via network protocols such as NFS and SMB on SharePoint. DIM serves as a protective layer against ransomware, designed with dual objectives: (1) detecting statistical anomalies that may indicate potential encryption within the network file system, and (2) proactively expanding under-attack files using a reverse source-coding algorithm to deprive ransomware of the resources it needs to operate. For practical deployment, we have developed a proxy gateway that connects endpoints to Azure storage using the SMB protocol. This setup effectively differentiates between benign and malicious activities without needing to identify specific processes at the endpoints, i.e., a critical advantage in combating fileless ransomware, which often eludes conventional security mechanisms such as behavioral analysis. Upon detecting malicious encryption, DIM reacts by expanding the size of buffer blocks, preventing ransomware from accessing subsequent files and frequently causing the ransomware to self-terminate. Our comprehensive evaluation, involving a benign dataset of 11,928 files against 75 ransomware families, including fileless types, demonstrates that DIM significantly impedes and often terminates ransomware operations early in the attack life cycle. This confirms the practicality and effectiveness of this pass-through defence strategy.
Journal article
Published 2024
Journal of information security and applications, 86, 103873
Understanding the attributes of critical data and implementing suitable security measures help organisations bolster their data-protection strategies and diminish the potential impacts of ransomware incidents. Unauthorised extraction and acquisition of data are the principal objectives of most cyber invasions. We underscore the severity of this issue using a recent attack by the Clop ransomware group, which exploited the MOVEit Transfer vulnerability and bypassed network-detection mechanisms to exfiltrate data via a Command and Control server. As a countermeasure, we propose a method called Buffer-Based Signature Verification (BBSV). This approach involves embedding 32-byte tags into files prior to their storage in the cloud, thus offering enhanced data protection. The BBSV method can be integrated into software like MOVEit Secure Managed File Transfer, thereby thwarting attempts by ransomware to exfiltrate data. Empirically tested using a BBSV prototype, our approach was able to successfully halt the encryption process for 80 ransomware instances from 70 ransomware families. BBSV not only stops the encryption but also prevents data exfiltration when data are moved or written from the original location by adversaries. We further develop a hypothetical exploit scenario in which an adversary manages to bypass the BBSV, illicitly transmits data to a Command and Control server, and then removes files from the original location. We construct an extended state space, in which each state represents a tuple that integrates user authentication and system components at the filesystem level.
Journal article
Published 2024
Intelligent Autonomous Systems 18, 795, 3 - 16
Intelligent transportation and autonomous mobility solutions rely on cooperative awareness developed by exchanging proximity and mobility data among road users. To maintain pervasive awareness on roads, all vehicles and vulnerable road users must be identified, either cooperatively, where road users equipped with wireless capabilities of Vehicle-to-Everything (V2X) radios can communicate with one another, or passively, where users without V2X capabilities are detected by means other than V2X communications. This necessitates the establishment of a communications channel among all V2X-enabled road users, regardless of whether their underlying V2X technology is compatible or not. At the same time, for cooperative awareness to realize its full potential, non-V2X-enabled road users must also be communicated with where possible or, leastwise, be identified passively. However, the question is whether current V2X technologies can provide such a welcoming heterogeneous road environment for all parties, including varying V2X-enabled and non-V2X-enabled road users? This paper investigates the roles of a propositional concept named Augmenting V2X Roadside Unit (A-RSU) in enabling heterogeneous vehicular networks to support and benefit from pervasive cooperative awareness. To this end, this paper explores the efficacy of A-RSU in establishing pervasive cooperative awareness and investigates the capabilities of the available communication networks using secondary data. The primary findings suggest that A-RSU is a viable solution for accommodating all types of road users regardless of their V2X capabilities.
Journal article
Investigation of Data Quality Assurance across IoT Protocol Stack for V2I Interactions
Published 2023
Smart cities (Basel), 6, 5, 2680 - 2705
Networking protocols have undergone significant developments and adaptations to cater for unique communication needs within the IoT paradigm. However, meeting these requirements in the context of vehicle-to-infrastructure (V2I) communications becomes a multidimensional problem due to factors like high mobility, intermittent connectivity, rapidly changing topologies, and an increased number of nodes. Thus, examining these protocols based on their characteristics and comparative analyses from the literature has shown that there is still room for improvement, particularly in ensuring efficiency in V2I interactions. This study aims to investigate the most viable network protocols for V2I communications, focusing on ensuring data quality (DQ) across the first three layers of the IoT protocol stack. This presents an improved understanding of the performance of network protocols in V2I communication. The findings of this paper showed that although each protocol offers unique strengths when evaluated against the identified dimensions of DQ, a cross-layer protocol fusion may be necessary to meet specific DQ dimensions. With the complexities and specific demands of V2I communications, it’s clear that no single protocol from our tri-layered perspective can solely fulfil all IP-based communication requirements given that the V2I communication landscape is teeming with heterogeneity, where a mixture of protocols is required to address unique communication demands.
Conference proceeding
A Decentralized Blockchain-Enabled Federated Learning Approach for Vehicular Networks
Published 2023
2023 5th International Conference on Sustainable Technologies for Industry 5.0 (STI), 1 - 6
5th International Conference on Sustainable Technologies for Industry 5.0 (STI) 2023, 09/12/2023–10/12/2023, Dhaka, Bangladesh
Data from interconnected vehicles may contain sensitive information such as location, driving behavior, personal identifiers, etc. Without adequate safeguards, sharing this data jeopardizes data privacy and system security. The current centralized data-sharing paradigm in these systems raises particular concerns about data privacy. Recognizing these challenges, the shift towards decentralized interactions in technology, as echoed by the principles of Industry 5.0, becomes paramount. This work is closely aligned with these principles, emphasizing decentralized, human-centric, and secure technological interactions in an interconnected vehicular ecosystem. To embody this, we propose a practical approach that merges two emerging technologies: Federated Learning (FL) and Blockchain. The integration of these technologies enables the creation of a decentralized vehicular network. In this setting, vehicles can learn from each other without compromising privacy while also ensuring data integrity and accountability. Initial experiments show that compared to conventional decentralized federated learning techniques, our proposed approach significantly enhances the performance and security of vehicular networks. The system's accuracy stands at 91.92%. While this may appear to be low in comparison to state-of-the-art federated learning models, our work is noteworthy because, unlike others, it was achieved in a malicious vehicle setting. Despite the challenging environment, our method maintains high accuracy, making it a competent solution for preserving data privacy in vehicular networks.