Output list
Journal article
A Simulated Study of IoT ALPs Over Legacy TCP/UDP Versus QUIC and SCTP for V2I Communications
Published 2025
IEEE Transactions on Intelligent Transportation Systems, Early Access
Vehicle-to-infrastructure (V2I) communication, a subset of Vehicle-to-everything (V2X), plays a critical role in enhancing road safety and traffic efficiency. While DSRC and C-V2X technologies have standardised physical layer communication, the upper layers remain flexible and open to diverse implementations. Existing IoT application layer protocols (ALPs), built on legacy TCP and UDP transport protocols, may exhibit suboptimal performance in dynamic V2I environments. This study evaluates six ALPs, namely AMQP, CoAP, DDS, MQTT, WebSocket (WS), and XMPP, across twenty protocol combinations, including the modern QUIC and SCTP transport protocols. Using a simulation framework that integrates OMNeT++, SUMO, Veins, and OpenStreetMap data, we assess key performance metrics: latency, packet delivery ratio, throughput, inter-arrival time, and connection establishment time. Our results indicate that while most protocol combinations perform adequately under low node densities (e.g., fewer than 100 nodes), network congestion leads to performance degradation. Nevertheless, CoAP over QUIC/UDP and WS over QUIC emerge as promising candidates for disseminating awareness messages across diverse V2I communication scenarios, within the context and limits of the tests.
Journal article
A taxonomy proposal of information assurance and data quality solutions in smart cities
Published 2025
Franklin Open, 13, 100436
The concept of smart cities continues to gain traction as urban and rural areas increasingly adopt Internet-of-things (IoT), sensors and smart devices, generating vast amounts of data. However, the collection, processing, and transmission of this big data introduce multi-dimensional challenges, intensifying the need for robust Information Assurance (IA) and Data Quality (DQ) solutions. Researchers have proposed various methodologies to address these challenges, including encryption techniques (e.g., homomorphic and lightweight encryption, cryptographic methods), deep learning models (e.g., LSTM), tree-based machine learning algorithms, government regulations (e.g., GDPR, ePrivacy Directive), blockchain-based integrity frameworks, and cloud-centric security and DQ architectures. This study iteratively classifies these methodologies. While researchers and experts have employed these methodologies and solutions to address IA/DQ challenges, our survey reveals a critical gap. There is a lack of holistic strategies for integrating IA and DQ in smart cities, particularly in big data and IoT use cases. Unlike prior surveys, this paper provides a novel IA/DQ-centric perspective, highlighting unresolved challenges such as governing standards for real-time data and DQ policy. As such, we provide a guide for future research toward developing a cohesive end-to-end assurance framework for smart cities.
Conference proceeding
Ransomware Encryption Detection: Adaptive File System Analysis Against Evasive Encryption Tactics
Published 2025
Information Security and Privacy, 399 - 414
30th Australasian Conference on Information Security and Privacy(ACISP 2025), 14/07/2025–16/07/2025, Wollongong, Australia
In the rapidly evolving field of cybersecurity, ransomware poses an escalating threat; adversaries employ advanced encryption techniques to render critical data inaccessible and evade traditional defenses. Specifically, ransomware developers utilize intricate strategies that undermine heuristic file monitoring and file system attribute analysis, rendering current detection methods ineffective against such attacks. This study tests and analyzes the performance of models that focus on the file system level. The goal is to improve detection by using statistically measurable attributes that are specific to the file system. For instance, statistically measurable data can be derived from the blocks of the write buffer transmitted from endpoints to storage servers. We investigate the effectiveness of various machine learning classifiers in detecting encryption activities at the storage level, using a substantial dataset of 32.6 GB comprising 11,928 files encrypted by 75 ransomware families. We integrate novel statistical components to augment the system's ability to detect encryption, notwithstanding the adaptive tactics of ransomware that reduce entropy measures and alter call frequencies to evade classification. We also examine these classifiers against ransomware that uses partial and intermittent encryption, and apply online learning methods so that the classifiers adapt to a threat environment that changes quickly. In benchmark tests, the Hoeffding Tree algorithm consistently performs well, and works especially well against ransomware that uses intermittent encryption methods.
Journal article
Published 2025
Internet of things (Amsterdam. Online), 33, 101728
Botnets represent a significant and evolving cybersecurity threat, leveraging networks of compromised devices for various malicious activities, including data exfiltration (e.g., Truebot malware), credential theft, and distributed denial-of-service (DDoS) attacks. Their increasing sophistication includes advanced evasion techniques such as domain generation algorithms (DGAs), encrypted command-and-control (C&C) channels, and peer-to-peer (P2P) architectures. These innovations pose substantial challenges to conventional detection systems. Existing surveys typically examine isolated detection methodologies or specific datasets, failing to address the broader landscape comprehensively, especially regarding adversarial manipulation of machine learning (ML) and artificial intelligence (AI) feature sets. To address this critical gap, this survey introduces the first systematic adversarial-aware analysis of botnet detection strategies. It specifically evaluates how adversaries exploit ML/AI feature manipulation, such as noise injection and feature perturbation, to evade detection, a perspective that has not been quantitatively addressed in prior literature. A core contribution is our explicit benchmarking of detection model robustness across four quantitative metrics (faithfulness, monotonicity, sensitivity, and complexity), providing novel insights into the resilience of state-of-the-art models under adversarial conditions. Additionally, we highlight persistent practical challenges including limited dataset diversity and dependence on high-quality labeled data, and propose potential mitigation approaches such as synthetic data generation, federated and semi-supervised learning, and lightweight detection architectures tailored for resource-constrained IoT deployments.
Finally, we outline key future research directions emphasizing standardized robustness evaluation frameworks, explainable AI to enhance interpretability and trust, and privacy-preserving collaborative data-sharing mechanisms. By integrating this adversarial-aware perspective with a comprehensive and practical evaluation framework, this work contributes to the field’s understanding of botnet detection and supports the design of more robust and resilient cybersecurity solutions through insights relevant to both researchers and practitioners.
Preprint
Data Encryption Battlefield: A Deep Dive into the Dynamic Confrontations in Ransomware Attacks
Posted to a preprint site 2025
ArXiv.org
In the rapidly evolving landscape of cybersecurity threats, ransomware represents a significant challenge. Attackers increasingly employ sophisticated encryption methods, such as entropy reduction through Base64 encoding, and partial or intermittent encryption to evade traditional detection methods. This study explores the dynamic battle between adversaries who continuously refine encryption strategies and defenders developing advanced countermeasures to protect vulnerable data. We investigate the application of online incremental machine learning algorithms designed to predict file encryption activities despite adversaries' evolving obfuscation techniques. Our analysis utilizes an extensive dataset of 32.6 GB, comprising 11,928 files across multiple formats, including Microsoft Word documents (doc), PowerPoint presentations (ppt), Excel spreadsheets (xlsx), image formats (jpg, jpeg, png, tif, gif), PDFs (pdf), audio (mp3), and video (mp4) files. These files were encrypted by 75 distinct ransomware families, facilitating a robust empirical evaluation of machine learning classifiers' effectiveness against diverse encryption tactics. Results highlight the Hoeffding Tree algorithm's superior incremental learning capability, particularly effective in detecting traditional and AES-Base64 encryption methods employed to lower entropy. Conversely, the Random Forest classifier with warm-start functionality excels at identifying intermittent encryption methods, demonstrating the necessity of tailored machine learning solutions to counter sophisticated ransomware strategies.
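The two abstracts above (the ACISP 2025 paper and this preprint) both rest on statistics computed over write-buffer blocks, and on the two evasions that defeat a naive entropy threshold: Base64 encoding of ciphertext, which caps the visible entropy at 6 bits/byte, and intermittent encryption, which leaves most blocks as plaintext so the whole-buffer average stays low. The example below is added here and is not code from either paper or its authors: it computes Shannon entropy and a chi-square statistic per block, decodes syntactically Base64 buffers before measuring them, and labels a buffer from the per-block view. The 4096-byte block size, the 7.5 bits/byte threshold, the SHA-256 counter-mode keystream standing in for AES, and the sample text are all assumptions of the example, not values from the papers.

```python
import base64
import binascii
import hashlib
import math
import re
from collections import Counter

BLOCK = 4096  # assumed write-buffer block size; the papers do not state the one they used


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for a uniform byte histogram."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def chi_square(data: bytes) -> float:
    """Chi-square of the byte histogram against uniform: near 255 for cipher output,
    orders of magnitude larger for text because most of the 256 bins stay empty."""
    if not data:
        return 0.0
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


_B64 = re.compile(rb"\A[A-Za-z0-9+/\r\n]+={0,2}\s*\Z")


def base64_payload_entropy(data: bytes):
    """If the buffer is syntactically Base64, return the entropy of the decoded bytes, else None.
    Base64 caps visible entropy at log2(64) = 6 bits/byte, so a threshold such as entropy > 7
    misses AES-then-Base64 output; decoding first restores the ciphertext's true statistics."""
    if len(data) < 64 or not _B64.match(data):
        return None
    try:
        return shannon_entropy(base64.b64decode(data))
    except (binascii.Error, ValueError):
        return None


def block_entropies(data: bytes, block: int = BLOCK):
    """Entropy per block. A short tail (< block/4) is merged into the previous block because
    the entropy of a few dozen bytes is bounded by log2(len) and would read as plaintext."""
    chunks = [data[i:i + block] for i in range(0, len(data), block)]
    if len(chunks) > 1 and len(chunks[-1]) < block // 4:
        chunks[-2:] = [chunks[-2] + chunks[-1]]
    return [shannon_entropy(c) for c in chunks]


def classify_buffer(data: bytes, high: float = 7.5) -> str:
    """Label one write buffer: Base64-decoded entropy catches the entropy-reduction evasion,
    and per-block entropy catches intermittent encryption, where only some blocks are
    rewritten and the whole-buffer average is dragged down by the untouched plaintext."""
    decoded = base64_payload_entropy(data)
    if decoded is not None and decoded >= high:
        return "encrypted-base64"
    per_block = block_entropies(data)
    if not per_block:
        return "empty"
    hot = sum(1 for e in per_block if e >= high)
    if hot == len(per_block):
        return "encrypted"
    if hot:
        return "intermittent"
    return "plaintext"


def keystream(n: int, seed: bytes) -> bytes:
    """SHA-256 counter-mode keystream: a stand-in for a real cipher so the example needs no
    crypto library. For the statistics, all that matters is that the output bytes are uniform."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def xor_encrypt(data: bytes, seed: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, keystream(len(data), seed)))


def intermittent_encrypt(data: bytes, seed: bytes, block: int = BLOCK) -> bytes:
    """Encrypt every other block only, mimicking partial/intermittent ransomware encryption."""
    out = bytearray()
    for idx, i in enumerate(range(0, len(data), block)):
        chunk = data[i:i + block]
        out += xor_encrypt(chunk, seed + bytes([idx % 256])) if idx % 2 == 0 else chunk
    return bytes(out)


# Constructed plaintext: repetitive office text, exactly four blocks long.
PLAIN = ((b"Quarterly report: revenue grew 4 percent while costs fell. "
          b"See the attached spreadsheet for the per-region breakdown.\n") * 200)[:4 * BLOCK]


def make_samples() -> dict:
    """Constructed write buffers covering the four cases the classifier distinguishes."""
    return {
        "plain": PLAIN,
        "encrypted": xor_encrypt(PLAIN, b"k1"),
        "encrypted_tail": xor_encrypt(PLAIN + b"tail" * 25, b"k1"),   # length not a block multiple
        "base64": base64.b64encode(xor_encrypt(PLAIN, b"k2")),
        "intermittent": intermittent_encrypt(PLAIN, b"k3"),
    }


if __name__ == "__main__":
    for name, buf in make_samples().items():
        print(f"{name:15s} entropy={shannon_entropy(buf):.2f} "
              f"chi2={chi_square(buf):.0f} -> {classify_buffer(buf)}")
```

Running it prints the Base64 sample at roughly 6.0 bits/byte, below any sensible "encrypted" threshold, yet labelled encrypted-base64 once decoded, and the intermittent sample at an average well under 7.5 yet flagged because two of its four blocks are hot. Neither check is a classifier in the papers' sense; they are the kind of per-block features a Hoeffding Tree or Random Forest would be trained on, and an attacker who switches to an encoding the regex does not recognise (or encrypts less than one block per file) would need further features such as call-frequency changes.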
Book chapter
A Lightweight Detection of Sequential Patterns in File System Events During Ransomware Attacks
Published 2025
Web Information Systems Engineering – WISE 2024, 204 - 215
Ransomware poses a major threat by encrypting files and demanding ransom for decryption. This paper introduces a lightweight hybrid model for detecting ransomware by analyzing file system events. By combining XGBoost and Long Short-Term Memory (LSTM) networks, the approach identifies and predicts malicious behaviors with high accuracy and low computational cost. A File System Monitor Watchdog was developed to track file activities, collecting a dataset from 20 ransomware families. XGBoost is used for initial pattern detection, and LSTM networks for sequential analysis. The model achieved 97.12% detection accuracy, outperforming traditional methods in accuracy and efficiency, while reducing computational costs.
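The chapter above detects ransomware from the order of file system events rather than from file contents. As an added example, not the chapter's XGBoost/LSTM model or its File System Monitor Watchdog, the code below implements the simplest sequential detector that captures the same idea: per process, each file is tracked through a read, write, rename sequence, and an alert fires when many files complete that sequence inside a short window. The event tuple shape, the pattern itself, the threshold of 5 files in 2 seconds, and the event streams are all constructed for this example.

```python
from collections import defaultdict, deque

# Per-file sequence the detector looks for (an assumption of this example, not a feature
# learned by the chapter's model): the file is read, overwritten, then renamed, e.g. to a
# ransom extension. A benign editor reads and writes but does not rename every file it touches.
PATTERN = ("read", "write", "rename")


class SequenceDetector:
    """Tracks, per process, how far each file has progressed through PATTERN and keeps the
    timestamps of completed sequences in a sliding window; many completions across distinct
    files in a short window is the signature this detector alerts on."""

    def __init__(self, threshold: int = 5, window: float = 2.0):
        self.threshold = threshold
        self.window = window
        self.progress = defaultdict(dict)      # pid -> {path: next index into PATTERN}
        self.completions = defaultdict(deque)  # pid -> timestamps of completed sequences

    def feed(self, ts: float, pid: int, op: str, path: str):
        prog = self.progress[pid]
        idx = prog.get(path, 0)
        if op == PATTERN[idx]:
            idx += 1
        elif op == PATTERN[0]:
            idx = 1          # a fresh read restarts the sequence for this file
        else:
            idx = 0          # anything out of order (e.g. write before read) resets it
        if idx < len(PATTERN):
            prog[path] = idx
            return None
        prog.pop(path, None)
        q = self.completions[pid]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()
        if len(q) >= self.threshold:
            return f"ALERT pid={pid}: {len(q)} read-write-rename sequences within {self.window}s"
        return None


def run(events):
    """Feed a stream of (timestamp, pid, op, path) tuples and collect alerts."""
    det = SequenceDetector()
    alerts = []
    for ev in events:
        alert = det.feed(*ev)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed event streams: an editor saving one document twice and a backup job
# reading fifty files (both benign), then a process encrypting eight files in a row.
def benign_events():
    editor = [(float(i), 100, op, "notes.txt")
              for i, op in enumerate(("read", "write", "read", "write"))]
    backup = [(5.0 + i * 0.01, 200, "read", f"/home/u/f{i}.dat") for i in range(50)]
    return editor + backup


def ransomware_events():
    evs = []
    for i in range(8):
        base = 10.0 + i * 0.3
        p = f"/home/u/f{i}.dat"
        evs += [(base, 666, "read", p), (base + 0.1, 666, "write", p), (base + 0.2, 666, "rename", p)]
    return evs


if __name__ == "__main__":
    print("benign only:", run(benign_events()))
    for a in run(benign_events() + ransomware_events()):
        print(a)
```

The first alert fires on the fifth completed file, roughly 1.5 s into the constructed attack, which is the property the chapter is after: a decision from the order and rate of events rather than from content. The obvious false positive is any legitimate mass renamer (a batch converter, a sync client), which is one reason the chapter learns the patterns from data instead of fixing them by hand.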
Book chapter
Published 2024
Advances in Information and Computer Security, 213 - 233
This study introduces the Digital Immunity Module (DIM), a novel pass-through file system gateway, positioned strategically between storage and endpoints to enhance the security of files accessed via network protocols such as NFS and SMB on SharePoint. DIM serves as a protective layer against ransomware, designed with dual objectives: (1) detecting statistical anomalies that may indicate potential encryption within the network file system, and (2) proactively expanding under-attack files using a reverse source-coding algorithm to deprive ransomware of the resources it needs to operate. For practical deployment, we have developed a proxy gateway that connects endpoints to Azure storage using the SMB protocol. This setup effectively differentiates between benign and malicious activities without needing to identify specific processes at the endpoints, a critical advantage in combating fileless ransomware, which often eludes conventional security mechanisms such as behavioral analysis. Upon detecting malicious encryption, DIM reacts by expanding the size of buffer blocks, preventing ransomware from accessing subsequent files and frequently causing the ransomware to self-terminate. Our comprehensive evaluation, involving a benign dataset of 11,928 files against 75 ransomware families, including fileless types, demonstrates that DIM significantly impedes and often terminates ransomware operations early in the attack life cycle. This confirms the practicality and effectiveness of this pass-through defence strategy.
Journal article
Published 2024
Journal of information security and applications, 86, 103873
Understanding the attributes of critical data and implementing suitable security measures help organisations bolster their data-protection strategies and diminish the potential impacts of ransomware incidents. Unauthorised extraction and acquisition of data are the principal objectives of most cyber invasions. We underscore the severity of this issue using a recent attack by the Clop ransomware group, which exploited the MOVEit Transfer vulnerability and bypassed network-detection mechanisms to exfiltrate data via a Command and Control server. As a countermeasure, we propose a method called Buffer-Based Signature Verification (BBSV). This approach involves embedding 32-byte tags into files prior to their storage in the cloud, thus offering enhanced data protection. The BBSV method can be integrated into software like MOVEit Secure Managed File Transfer, thereby thwarting attempts by ransomware to exfiltrate data. Empirically tested using a BBSV prototype, our approach was able to successfully halt the encryption process for 80 ransomware instances from 70 ransomware families. BBSV not only stops the encryption but also prevents data exfiltration when data are moved or written from the original location by adversaries. We further develop a hypothetical exploit scenario in which an adversary manages to bypass the BBSV, illicitly transmits data to a Command and Control server, and then removes files from the original location. We construct an extended state space, in which each state represents a tuple that integrates user authentication and system components at the filesystem level.
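The abstract describes Buffer-Based Signature Verification only at the level of a 32-byte tag embedded in each file before storage and checked against the write buffer. The example below is added here and is not the authors' prototype: it models a gateway that refuses any write buffer whose trailing tag does not verify, so that a ransomware process overwriting files with ciphertext is stopped at its first write. Using HMAC-SHA256 as the tag, keeping the key only in the trusted transfer path, the in-memory store and the XOR stand-in for the ransomware's cipher are all assumptions of this example.

```python
import hashlib
import hmac

TAG_LEN = 32  # the paper's 32-byte tag; computing it as HMAC-SHA256 is an assumption here


def seal(content: bytes, key: bytes) -> bytes:
    """Append a 32-byte tag over the content. Runs in the trusted path (e.g. the managed
    file-transfer software) before the file reaches storage; endpoints never hold the key."""
    return content + hmac.new(key, content, hashlib.sha256).digest()


def verify(blob: bytes, key: bytes) -> bool:
    """True iff blob = content || tag and tag matches content under key (constant-time compare)."""
    if len(blob) < TAG_LEN:
        return False
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    return hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest())


def unseal(blob: bytes) -> bytes:
    return blob[:-TAG_LEN]


class BufferGateway:
    """Sits between endpoints and storage. Every write buffer is verified before it lands:
    ransomware that rewrites a file with ciphertext cannot produce a valid tag, so the first
    such buffer is refused and logged instead of replacing the original."""

    def __init__(self, key: bytes):
        self.key = key
        self.store = {}    # path -> sealed blob (stands in for cloud storage)
        self.alerts = []   # (reason, path)

    def write(self, path: str, buffer: bytes) -> str:
        if not verify(buffer, self.key):
            self.alerts.append(("write-denied", path))
            return "denied"
        self.store[path] = buffer
        return "ok"

    def read(self, path: str) -> bytes:
        return unseal(self.store[path])


def trusted_upload(gw: BufferGateway, path: str, content: bytes) -> str:
    """What the legitimate transfer software does: seal with the gateway key, then write."""
    return gw.write(path, seal(content, gw.key))


def ransomware_run(gw: BufferGateway, paths) -> int:
    """Constructed attacker: overwrite each file with 'ciphertext' (a constant XOR stands in
    for AES) and stop at the first refusal. Returns how many files it managed to replace."""
    done = 0
    for p in paths:
        ciphertext = bytes(b ^ 0x5A for b in gw.read(p))
        if gw.write(p, ciphertext) != "ok":
            break
        done += 1
    return done


if __name__ == "__main__":
    gw = BufferGateway(b"gateway-secret")
    for name in ("q1.xlsx", "board.docx"):
        trusted_upload(gw, name, b"confidential " + name.encode())
    print("legitimate update:", trusted_upload(gw, "q1.xlsx", b"revised figures"))
    print("files encrypted by ransomware:", ransomware_run(gw, list(gw.store)))
    print("alerts:", gw.alerts)
```

The check holds only while the key stays out of the attacker's reach: a process that can call the sealing path, or that has read the key, can tag whatever it likes. This example models the write path only; it does not reproduce the paper's state-space analysis of the bypass scenario in which data is transmitted to a command and control server and then deleted from the original location.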
Journal article
Published 2024
Intelligent Autonomous Systems 18, 795, 3 - 16
Intelligent transportation and autonomous mobility solutions rely on cooperative awareness developed by exchanging proximity and mobility data among road users. To maintain pervasive awareness on roads, all vehicles and vulnerable road users must be identified, either cooperatively, where road users equipped with wireless capabilities of Vehicle-to-Everything (V2X) radios can communicate with one another, or passively, where users without V2X capabilities are detected by means other than V2X communications. This necessitates the establishment of a communications channel among all V2X-enabled road users, regardless of whether their underlying V2X technology is compatible or not. At the same time, for cooperative awareness to realize its full potential, non-V2X-enabled road users must also be communicated with where possible or, at the least, be identified passively. However, the question is whether current V2X technologies can provide such a welcoming heterogeneous road environment for all parties, including varying V2X-enabled and non-V2X-enabled road users. This paper investigates the roles of a proposed concept named Augmenting V2X Roadside Unit (A-RSU) in enabling heterogeneous vehicular networks to support and benefit from pervasive cooperative awareness. To this end, this paper explores the efficacy of A-RSU in establishing pervasive cooperative awareness and investigates the capabilities of the available communication networks using secondary data. The primary findings suggest that A-RSU is a viable solution for accommodating all types of road users regardless of their V2X capabilities.
Journal article
Investigation of Data Quality Assurance across IoT Protocol Stack for V2I Interactions
Published 2023
Smart cities (Basel), 6, 5, 2680 - 2705
Networking protocols have undergone significant developments and adaptations to cater for unique communication needs within the IoT paradigm. However, meeting these requirements in the context of vehicle-to-infrastructure (V2I) communications becomes a multidimensional problem due to factors like high mobility, intermittent connectivity, rapidly changing topologies, and an increased number of nodes. Thus, examining these protocols based on their characteristics and comparative analyses from the literature has shown that there is still room for improvement, particularly in ensuring efficiency in V2I interactions. This study aims to investigate the most viable network protocols for V2I communications, focusing on ensuring data quality (DQ) across the first three layers of the IoT protocol stack. This presents an improved understanding of the performance of network protocols in V2I communication. The findings of this paper showed that although each protocol offers unique strengths when evaluated against the identified dimensions of DQ, a cross-layer protocol fusion may be necessary to meet specific DQ dimensions. With the complexities and specific demands of V2I communications, it’s clear that no single protocol from our tri-layered perspective can solely fulfil all IP-based communication requirements given that the V2I communication landscape is teeming with heterogeneity, where a mixture of protocols is required to address unique communication demands.