Dr Mohammad Shojafar


Senior Lecturer in Network Security
+44 (0)1483 689480
08 CII 01

About

Areas of specialism

Network Security and Privacy; Green Networking; Adversarial Machine Learning; Applied Cryptography

News

In the media

2017
2017 SPRITZ CLUSIT Workshop on Future Systems Security and Privacy
Presenter

Research

Research interests

Research projects

Indicators of esteem

  • EU Horizon Marie Curie 2019: PRISENODE  (PI)

     

    Supervision

    Postgraduate research supervision

    Teaching

    Publications

    Highlights

    M. Shojafar, N. Cordeschi, E. Baccarelli, "Energy-efficient Adaptive Resource Management for Real-time Vehicular Cloud Services", IEEE Transactions on Cloud Computing (TCC), Vol. 7, Iss. 1, pp. 196-209, March 2019.

    R. Taheri, M. Shojafar, M. Alazab, R. Tafazolli, "FED-IIoT: A Robust Federated Malware Detection Architecture in Industrial IoT", IEEE Transactions on Industrial Informatics (TII), Vol. PP, Iss. 99, pp. 1-11, December 2020.

    Farooq Hoseiny, Sadoon Azizi, MOHAMMAD SHOJAFAR, RAHIM TAFAZOLLI (2021) Joint QoS-aware and Cost-efficient Task Scheduling for Fog-Cloud Resources in a Volunteer Computing System, In: ACM Transactions on Internet Technology Association for Computing Machinery (ACM)

    Volunteer computing is an Internet based distributed computing in which volunteers share their extra available resources to manage large-scale tasks. However, computing devices in a Volunteer Computing System (VCS) are highly dynamic and heterogeneous in terms of their processing power, monetary cost, and data transferring latency. To ensure both of the high Quality of Service (QoS) and low cost for different requests, all of the available computing resources must be used efficiently. Task scheduling is an NP-hard problem that is considered as one of the main critical challenges in a heterogeneous VCS. Due to this, in this paper, we design two task scheduling algorithms for VCSs, named Min-CCV and Min-V. The main goal of the proposed algorithms is jointly minimizing the computation, communication and delay violation cost for the Internet of Things (IoT) requests. Our extensive simulation results show that proposed algorithms are able to allocate tasks to volunteer fog/cloud resources more efficiently than the state-of-the-art. Specifically, our algorithms improve the deadline satisfaction task rates around 99.5% and decrease the total cost between 15 to 53% in comparison with the genetic-based algorithm.

    Zheng Chu, Pei Xiao, Mohammad Shojafar, De Mi, Wanming Hao, Jia Shi, Fuhui Zhou (2022) Utility Maximization for IRS Assisted Wireless Powered Mobile Edge Computing and Caching (WP-MECC) Networks, In: IEEE transactions on communications IEEE

    This paper exploits an intelligent reflecting surface (IRS) assisted wireless powered mobile edge computing and caching (WP-MECC) network. In particular, an IRS is utilized to reflect energy signals from a power station (PS) to various IoT devices for energy harvesting during uplink wireless energy transfer (WET). These devices collect energy to support their own partially local computing for computational tasks and their offloading capabilities to an access point (AP), with the help of IRS via time or frequency division multiple access (TDMA or FDMA). The AP is equipped with a local cache connected with a MEC server via a backhaul link, which prefetches the data to facilitate edge computing capabilities. The maximization of a utility function is formulated to evaluate the overall network performance, which is defined as the difference between the sum of computational bits (offloading bits and local computing bits) and total backhaul cost. Due to multiple coupled variables, we first design the optimal caching strategy. Then, an auxiliary vector is introduced to coordinate the energy consumption of local computing and offloading, where its optimal solution can be achieved by an exhaustive search. Moreover, we utilize the Lagrange dual method and the Karush-Kuhn-Tucker (KKT) conditions to derive the optimal time scheduling for the TDMA scheme or the optimal bandwidth allocation for the FDMA counterpart in closed form. The IRS phase shifts are iteratively designed by employing the quadratic transformation (QT) and the Riemannian Manifold Optimization (RMO). Finally, simulation results are demonstrated to validate the network utility performance and confirm the advantage of the employment of IRS, the optimal IRS phase shift design and caching strategy, in comparison to the benchmark schemes. Index Terms—Intelligent reflecting surface (IRS), wireless powered mobile edge computing and caching (WP-MECC), utility

    Reza Farahani, Mohammad Shojafar, Christian Timmerer, Farzad Tashtarian, Mohammad Ghanbari, Hermann Hellwagner (2023) ARARAT: A Collaborative Edge-Assisted Framework for HTTP Adaptive Video Streaming, In: IEEE Transactions on Network and Service Management 20(1) pp. 625-643 Institute of Electrical and Electronics Engineers (IEEE)

    With the ever-increasing demands for high-definition and low-latency video streaming applications, network-assisted video streaming schemes have become a promising complementary solution in the HTTP Adaptive Streaming (HAS) context to improve users’ Quality of Experience (QoE) as well as network utilization. Edge computing is considered one of the leading networking paradigms for designing such systems by providing video processing and caching close to the end-users. Despite the wide usage of this technology, designing network-assisted HAS architectures that support low-latency and high-quality video streaming, including edge collaboration is still a challenge. To address these issues, this article leverages the Software-Defined Networking (SDN), Network Function Virtualization (NFV), and edge computing paradigms to propose A collaboRative edge-Assisted framewoRk for HTTP Adaptive video sTreaming (ARARAT). Aiming at minimizing HAS clients’ serving time and network cost, besides considering available resources and all possible serving actions, we design a multi-layer architecture and formulate the problem as a centralized optimization model executed by the SDN controller. However, to cope with the high time complexity of the centralized model, we introduce three heuristic approaches that produce near-optimal solutions through efficient collaboration between the SDN controller and edge servers. Finally, we implement the ARARAT framework, conduct our experiments on a large-scale cloud-based testbed including 250 HAS players, and compare its effectiveness with state-of-the-art systems within comprehensive scenarios. The experimental results illustrate that the proposed ARARAT methods (i) improve users’ QoE by at least 47%, (ii) decrease the streaming cost, including bandwidth and computational costs, by at least 47%, and (iii) enhance network utilization, by at least 48% compared to state-of-the-art approaches.

    MOHAMMAD SHOJAFAR, ZAHRA POORANIAN, Paola G. Vinueza Naranjo, Enzo Baccarelli (2017) FLAPS: bandwidth and delay-efficient distributed data searching in Fog-supported P2P content delivery networks, In: The Journal of supercomputing 73(12) pp. 5239-5260 Springer US

    Due to the growing interest for multimedia contents by mobile users, designing bandwidth and delay-efficient distributed algorithms for data searching over wireless (possibly, mobile) “ad hoc” Peer-to-Peer (P2P) content Delivery Networks (CDNs) is a topic of current interest. This is mainly due to the limited computing-plus-communication resources featuring state-of-the-art wireless P2P CDNs. In principle, an effective means to cope with this limitation is to empower traditional P2P CDNs by distributed Fog nodes. Motivated by this consideration, the goal of this paper is twofold. First, we propose and describe the main building blocks of a hybrid (e.g., mixed infrastructure and “ad hoc”) Fog-supported P2P architecture for wireless content delivery, namely, the Fog-Caching P2P architecture. It exploits the topological (possibly, time varying) information locally available at the serving Fog nodes, in order to speed up the data searching operations performed by the served peers. Second, we propose a bandwidth and delay-efficient, distributed and adaptive probabilistic search algorithm, that relies on the learning automata paradigm, e.g., the Fog-supported Learning Automata Adaptive Probabilistic Search (FLAPS) algorithm. The main feature of the FLAPS algorithm is the exploitation of the local topology information provided by the serving Fog nodes and the current status of the collaborating peers, in order to run a suitably distributed reinforcement algorithm for the adaptive discovery of peer-to-peer and peer-to-fog minimum-hop routes. The performance of the proposed FLAPS algorithm is numerically evaluated in terms of Success Rate, Hit-per-Query, Message-per-Query, Response Delay and Message Duplication Factor over a number of randomly generated benchmark CDN topologies. 
Furthermore, in order to corroborate the actual effectiveness of the FLAPS algorithm, extensive performance comparisons are carried out with some state-of-the-art searching algorithms, namely the Adaptive Probabilistic Search, Improved Adaptive Probabilistic Search and the Random Walk algorithms.

    Samaher Al-Janabi, Ibrahim Al-Shourbaji, MOHAMMAD SHOJAFAR, Shahaboddin Shamshirband (2017) Survey of main challenges (security and privacy) in wireless body area networks for healthcare applications, In: Egyptian informatics journal 18(2) pp. 113-122 Elsevier B.V

    Wireless Body Area Network (WBAN) is a new trend in the technology that provides remote mechanism to monitor and collect patient’s health record data using wearable sensors. It is widely recognized that a high level of system security and privacy play a key role in protecting these data when being used by the healthcare professionals and during storage to ensure that patient’s records are kept safe from intruder’s danger. It is therefore of great interest to discuss security and privacy issues in WBANs. In this paper, we reviewed WBAN communication architecture, security and privacy requirements and security threats and the primary challenges in WBANs to these systems based on the latest standards and publications. This paper also covers the state-of-art security measures and research in WBAN. Finally, open areas for future research and enhancements are explored.

    Raja Wasim Ahmad, Abdullah Gani, Siti Hafizah Ab Hamid, MOHAMMAD SHOJAFAR, Abdelmuttlib Ibrahim Abdalla Ahmed, SA Madani, Kashif Saleem, Joel J.P.C Rodrigues (2017) A survey on energy estimation and power modeling schemes for smartphone applications, In: International journal of communication systems 30(11)

    Summary In the last decade, the rising trend in the popularity of smartphones motivated software developers to increase application functionality. However, increasing application functionality demands extra power budget that as a result, decreases smartphone battery lifetime. Optimizing energy critical sections of an application creates an opportunity to increase battery lifetime. Smartphone application energy estimation helps investigate energy consumption behavior of an application at diversified granularity (eg, coarse and fine granular) for optimal battery resource use. This study explores energy estimation and modeling schemes to highlight their advantages and shortcomings. It classifies existing smartphone application energy estimation and modeling schemes into 2 categories, ie, code analysis and mobile components power model–based estimation owing to their architectural designs. Moreover, it further classifies code analysis–based modeling and estimation schemes in simulation‐based and profiling‐based categories. It compares existing energy estimation and modeling schemes based on a set of parameters common in most literature to highlight the commonalities and differences among reported literature. Existing application energy estimation schemes are low‐accurate, resource expensive, or non‐scalable, as they consider marginally accurate smart battery's voltage/current sensors, low‐rate power capturing tools, and labor‐driven lab‐setting environment to propose power models for smartphone application energy estimation. Besides, the energy estimation overhead of the components power model–based estimation schemes is very high as they physically run the application on a smartphone for energy profiling. To optimize smartphone application energy estimation, we have highlighted several research issues to help researchers of this domain to understand the problem clearly. 
As shown in figure, this paper discusses energy estimation methods and techniques for energy estimation of smartphone applications. It estimates energy consumption of applications based on smartphone components power models or source code energy models. It proposes taxonomies and highlights open research issues. It concludes that energy estimation is a resource expensive task owing to high profiling overhead.

    Rahim Taheri, Reza Javidan, MOHAMMAD SHOJAFAR, ZAHRA POORANIAN, Ali Miri, M Conti (2020) On defending against label flipping attacks on malware detection systems, In: Neural computing & applications 32(18) pp. 14781-14800

    Label manipulation attacks are a subclass of data poisoning attacks in adversarial machine learning used against different applications, such as malware detection. These types of attacks represent a serious threat to detection systems in environments having high noise rate or uncertainty, such as complex networks and Internet of Things (IoT). Recent work in the literature has suggested using the K-nearest neighboring algorithm to defend against such attacks. However, such an approach can suffer from low to miss-classification rate accuracy. In this paper, we design an architecture to tackle the Android malware detection problem in IoT systems. We develop an attack mechanism based on silhouette clustering method, modified for mobile Android platforms. We proposed two convolutional neural network-type deep learning algorithms against this Silhouette Clustering-based Label Flipping Attack. We show the effectiveness of these two defense algorithms—label-based semi-supervised defense and clustering-based semi-supervised defense—in correcting labels being attacked. We evaluate the performance of the proposed algorithms by varying the various machine learning parameters on three Android datasets: Drebin, Contagio, and Genome and three types of features: API, intent, and permission. Our evaluation shows that using random forest feature selection and varying ratios of features can result in an improvement of up to 19% accuracy when compared with the state-of-the-art method in the literature.

    Q Fan, Jianhua Chen, MOHAMMAD SHOJAFAR, Saru Kumari, D He (2022) SAKE*: A Symmetric Authenticated Key Exchange Protocol with Perfect Forward Secrecy for Industrial Internet of Things, In: IEEE transactions on industrial informatics IEEE

    Security in Industrial Internet of Things (IIoT) is of vital importance as there are some cases where IIoT devices collect sensory information for crucial social production and life. Thus, designing secure and efficient communication channels is always a research hotspot. However, end devices have limitations in memory, computation, and power-supplying capacities. Moreover, perfect forward secrecy (PFS), which means that long-term key exposure cannot disclose previous session keys, is a critical security property for authentication and key exchange (AKE). In this paper, we propose an AKE protocol named SAKE* for the IIoT environment, where PFS is provided by two types of keys (i.e., a master key and an evolution key). In addition, the SAKE* protocol merely uses concatenation, XOR, and hash function operations to achieve lightweight authentication, key exchange, and message integrity. We also compare the SAKE* protocol with seven recent and IoT-related authentication protocols in terms of security properties and performance. Comparison results indicate that the SAKE* protocol consumes the least computation resource and third least communication cost among eight AKE protocols while equipping with twelve security properties.

    Ke Wang, P. Xu, Chien-Ming Chen, Saru Kumari, MOHAMMAD SHOJAFAR, Mamoun Alazab (2020) Neural Architecture Search for Robust Networks in 6G-enabled Massive IoT Domain, In: IEEE internet of things journal pp. 1-1 IEEE

    6G technology enables AI-based massive IoT to manage network resources and data with ultra high speed, responsive network and wide coverage. However, many artificial intelligence-enabled internet of things (AIoT) systems are vulnerable to adversarial example attacks. Therefore, designing robust deep learning models that can be deployed on resource-constrained devices has become an important research topic in the field of 6G-enabled AIoT. In this paper, we propose a method for automatically searching for robust and efficient neural network structures for AIoT systems. By introducing a skip connection structure, a feature map with reduced front-end influence can be used for calculations during the classification process. Additionally, a novel type of dense connected search space is proposed. By relaxing this space, it is possible to search for network structures efficiently. In addition, combined with adversarial training and model delay constraints, we propose a multi-objective gradient optimization method to realize the automatic searching of network structures. Experimental results demonstrate that our method is effective for AIoT systems and superior to state-of-the-art neural architecture search algorithms.

    Yassine Maleh, Imed Romdhani, MOHAMMAD SHOJAFAR, Mamoun Alazab (2020) Blockchain for Cybersecurity and Privacy: Architectures, Challenges, and Applications CRC Press

    Blockchain technology is defined as a decentralized system of distributed registers that are used to record data transactions on multiple computers. The reason this technology has gained popularity is that you can put any digital asset or transaction in the blocking chain, the industry does not matter. Blockchain technology has infiltrated all areas of our lives, from manufacturing to healthcare and beyond. Cybersecurity is an industry that has been significantly affected by this technology and may be more so in the future. Blockchain for Cybersecurity and Privacy: Architectures, Challenges, and Applications is an invaluable resource to discover the blockchain applications for cybersecurity and privacy. The purpose of this book is to improve the awareness of readers about blockchain technology applications for cybersecurity and privacy. This book focuses on the fundamentals, architectures, and challenges of adopting blockchain for cybersecurity. Readers will discover different applications of blockchain for cybersecurity in IoT and healthcare. The book also includes some case studies of the blockchain for e-commerce online payment, retention payment system, and digital forensics. The book offers comprehensive coverage of the most essential topics, including: Blockchain architectures and challenges; Blockchain threats and vulnerabilities; Blockchain security and potential future use cases; Blockchain for securing Internet of Things; Blockchain for cybersecurity in healthcare; Blockchain in facilitating payment system security and privacy. This book comprises a number of state-of-the-art contributions from both scientists and practitioners working in the fields of blockchain technology and cybersecurity. It aspires to provide a relevant reference for students, researchers, engineers, and professionals working in this particular area or those interested in grasping its diverse facets and exploring the latest advances on the blockchain for cybersecurity and privacy.

    Masoumeh Safkhani, Saru Kumari, Mohammad Shojafar, Sachin Kumar (2022) An authentication and key agreement scheme for smart grid, In: Peer-to-Peer Networking and Applications Springer

    The Internet of Things (IoT) plays a crucial role in the new generation of smart cities, in which developing Internet of Energy (IoE) in the energy sector is a necessity also. Several schemes have been proposed so far and in this paper we analyze the security of a recently proposed authentication and key agreement framework for smart grid named PALK. Our security analysis demonstrates that an attacker can extract the user permanent identifier and password, which are enough to do any other attacks. To remedy the weaknesses and amend PALK, we propose an improved protocol based on Physical Unclonable Function (PUF) to provide desired security at a reasonable cost. We also prove the semantic security of constructed scheme by using the widely-accepted real and synthetic model, under the computationally hard Diffie-Hellman assumption. Computational and communication cost analysis of the improved protocol versus PALK, based on identical parameter sets on our experimental results on an Arduino UNO R3 board having microcontroller ATmega328P, shows 46% and 23% enhancements, respectively. We also provide the energy consumption of the proposed protocol, and each session of the protocol consumes almost 24 mJ energy. It shows that it is an appropriate choice for constrained environments, such as IoE.

    Farooq Hoseiny, Sadoon Azizi, MOHAMMAD SHOJAFAR, RAHIM TAFAZOLLI (2021) Joint QoS-aware and Cost-efficient Task Scheduling for Fog-Cloud Resources in a Volunteer Computing System, In: ACM transactions on Internet technology

    Volunteer computing is an Internet-based distributed computing system in which volunteers share their extra available resources to manage large-scale tasks. However, computing devices in a Volunteer Computing System (VCS) are highly dynamic and heterogeneous in terms of their processing power, monetary cost, and data transferring latency. To ensure both the high Quality of Service (QoS) and low cost for different requests, all of the available computing resources must be used efficiently. Task scheduling is an NP-hard problem that is considered one of the main critical challenges in a heterogeneous VCS. Due to this, in this paper, we design two task scheduling algorithms for VCSs, named Min-CCV and Min-V. The main goal of the proposed algorithms is jointly minimizing the computation, communication and delay violation cost for the Internet of Things (IoT) requests. Our extensive simulation results show that proposed algorithms are able to allocate tasks to volunteer fog/cloud resources more efficiently than the state-of-the-art. Specifically, our algorithms improve the deadline satisfaction task rates by around 99.5% and decrease the total cost between 15 to 53% in comparison with the genetic-based algorithm.

    MOHAMMAD SHOJAFAR, ZAHRA POORANIAN, Mehdi Sookhak, Rajkumar Buyya (2019) Recent advances in cloud data centers toward fog data centers, In: Concurrency and computation 31(8) pp. e5164-n/a

    In recent years, we have witnessed tremendous advances in cloud data centers (CDCs) from the point of view of the communication layer. A recent report from Cisco Systems Inc demonstrates that CDCs, which are distributed across many geographical locations, will dominate the global data center traffic flow for the foreseeable future. Their importance is highlighted by a top‐line projection from this forecast that by 2019, more than four‐fifths of total data center traffic will be Cloud traffic. The geographical diversity of the computing resources in CDCs provides several benefits, such as high availability, effective disaster recovery, uniform access to users in different regions, and access to different energy sources. Although Cloud technology is currently predominant, it is essential to leverage new agile software technologies, agile processes, and agile applications near to both the edge and the users; hence, the concept of Fog has been developed. Fog computing (FC) has emerged as an alternative to traditional Cloud computing to support geographically distributed latency‐sensitive and QoS‐aware IoT applications while reducing the burden on data centers used in traditional Cloud computing. In particular, FC with features that can support heterogeneity and real‐time applications (eg, low latency, location awareness, and the capacity to process a large number of nodes with wireless access) is an attractive solution for delay‐ and resource‐constrained large‐scale applications. The distinguishing feature of the FC paradigm is that a set of Fog nodes (FNs) spreads communication and computing resources over the wireless access network to provide resource augmentation to resource‐limited and energy‐limited wireless (possibly mobile) devices. The joint management of Fog and Internet of Technology (IoT) paradigms can reduce the energy consumption and operating costs of state‐of‐the‐art Fog‐based data centers (FDCs).
An FDC is dedicated to supervising the transmission, distribution, and communication of FC. As a vital component of the Internet of Everything (IoE) environment, an FDC is capable of filtering and processing a considerable amount of incoming data on edge devices, by making the data processing architecture distributed and thereby scalable. An FDC therefore provides a platform for filtering and analyzing the data generated by sensors utilizing the resources of FNs. Increasing interest is emerging in FDCs and CDCs that allow the delivery of various kinds of agile services and applications over telecommunication networks and the Internet, including resource provisioning, data streaming/transcoding, analysis of high‐definition videos across the edge of the network, IoE application analysis, etc. Motivated by these issues, this special section solicits original research and practical contributions that advance the use of CDCs/FDCs in new technologies such as IoT, edge networks, and industries. Results obtained from simulations are validated in terms of their boundaries by experiments or analytical results. The main objectives of this special issue are to provide a discussion forum for people interested in Cloud and Fog networking and to present new models, adaptive tools, and applications specifically designed for distributed and parallel on‐demand requests received from (mobile) users and Cloud applications. These papers presented in this special issue provide insights in fields related to Cloud and Fog/edge architecture, including parallel processing of Cloudlets/Foglets, the presentation of new emerging models, performance evaluation and improvements, and developments in Cloud/Fog applications. We hope that readers can benefit from the insights in these papers, and contribute to these rapidly growing areas.

    Enzo Baccarelli, Paola G Vinueza Naranjo, Michele Scarpiniti, MOHAMMAD SHOJAFAR, Jemal Abawajy (2017) Fog of Everything: Energy-Efficient Networked Computing Architectures, Research Challenges, and a Case Study, In: IEEE access 5 pp. 9882-9910 IEEE

    Fog computing (FC) and Internet of Everything (IoE) are two emerging technological paradigms that, to date, have been considered standing-alone. However, because of their complementary features, we expect that their integration can foster a number of computing and network-intensive pervasive applications under the incoming realm of the future Internet. Motivated by this consideration, the goal of this position paper is fivefold. First, we review the technological attributes and platforms proposed in the current literature for the standing-alone FC and IoE paradigms. Second, by leveraging some use cases as illustrative examples, we point out that the integration of the FC and IoE paradigms may give rise to opportunities for new applications in the realms of the IoE, Smart City, Industry 4.0, and Big Data Streaming, while introducing new open issues. Third, we propose a novel technological paradigm, the Fog of Everything (FoE) paradigm, that integrates FC and IoE and then we detail the main building blocks and services of the corresponding technological platform and protocol stack. Fourth, as a proof-of-concept, we present the simulated energy-delay performance of a small-scale FoE prototype, namely, the V-FoE prototype. Afterward, we compare the obtained performance with the corresponding one of a benchmark technological platform, e.g., the V-D2D one. It exploits only device-to-device links to establish inter-thing "ad hoc" communication. Last, we point out the position of the proposed FoE paradigm over a spectrum of seemingly related recent research projects.

    Luca Chiaraviglio, Lavinia Amorosi, Nicola Blefari‐Melazzi, Paolo Dell'Olmo, MOHAMMAD SHOJAFAR, Stefano Salsano (2019) Optimal management of reusable functional blocks in 5G superfluid networks, In: International journal of network management 29(1) pp. e2045-n/a

    Summary We consider the problem of managing a 5G network composed of virtualized entities, called reusable functional blocks (RFBs), as proposed by the Horizon 2020 SUPERFLUIDITY project. The RFBs are used to decompose network functions and services and are deployed on top of physical nodes, in order to realize the 5G functionalities. After formally modeling the RFBs in a 5G network, as well as the physical nodes hosting them, we formulate the problem of managing the 5G network through the RFBs, in order to satisfy different key performance indicators to users. In particular, we focus either on the maximization of the amount of downlink throughput sent to users or on the minimization of the number of powered‐on physical nodes. We then consider different scenarios to evaluate the proposed formulations. Our results show that, when an RFB‐based approach is put into place, a high level of flexibility and dynamicity is achieved. In particular, the RFBs can be shared, moved, and rearranged based on the network conditions. As a result, the downlink throughput can be extremely high, ie, more than 150 Mbps per user on average when the throughput maximization is pursued and more than 100 Mbps on average when the goal is the minimization of the number of powered‐on physical nodes. We consider the management of a 5G network composed of virtualized entities, called reusable functional blocks (RFBs), which are used to decompose network functions and services and are deployed on top of physical nodes, in order to realize the 5G functionalities. We then evaluate the performance of an RFB‐based 5G network, showing that the downlink throughput can be extremely high, ie, more than 150 [Mbps] per user on average when the throughput maximization is pursued.

    Ke Wang, Chien-Ming Chen, Zhuoyu Tie, MOHAMMAD SHOJAFAR, Sachin Kumar, Saru Kumari (2021) Forward Privacy Preservation in IoT enabled Healthcare Systems, In: IEEE transactions on industrial informatics pp. 1-1 IEEE

    IoT-enabled smart healthcare systems have the characteristics of heterogeneous fusion, cross domain, collaborative autonomy, dynamic change and open interconnection, but they bring huge challenges in privacy issues. We proposed a scheme of forward privacy preserving for IoT-enabled healthcare systems, which mainly includes a searchable encryption scheme to achieve privacy preserving and searchable function. Our scheme uses trapdoor permutation to change the status counter, and it makes the adversary difficult to determine the valid status counter of inserted record with only the public key of the client. Our mechanism can solve the problem of verifying the correctness of the search results in the top-k search scenario with only part of the search results. The formal security analysis proves that our scheme achieves forward privacy preservation which can guarantee the privacy of healthcare data. Besides, performance evaluation shows our scheme is efficient and secure to preserve privacy of IoT-enabled healthcare systems.

    Claudia Canali, Luca Chiaraviglio, Riccardo Lancellotti, MOHAMMAD SHOJAFAR (2018) Joint Minimization of the Energy Costs From Computing, Data Transmission, and Migrations in Cloud Data Centers, In: IEEE Transactions on Green Communications and Networking 2(2), pp. 580-595, IEEE

    We propose a novel model, called joint computing, data transmission and migration energy costs (JCDME), for the allocation of virtual elements (VEs), with the goal of minimizing the energy consumption in a software-defined cloud data center (SDDC). More in detail, we model the energy consumption by considering the computing costs of the VEs on the physical servers, the costs for migrating VEs across the servers, and the costs for transferring data between VEs. In addition, JCDME introduces a weight parameter to avoid an excessive number of VE migrations. Specifically, we propose three different strategies to solve the JCDME problem with an automatic and adaptive computation of the weight parameter for the VEs migration costs. We then evaluate the considered strategies over a set of scenarios, ranging from a small sized SDDC up to a medium-sized SDDC composed of hundreds of VEs and hundreds of servers. Our results demonstrate that JCDME is able to save up to an additional 7% of energy with respect to previous energy-aware algorithms, without a substantial increase in the solution complexity.

    Bushra Jamil, MOHAMMAD SHOJAFAR, I Ahmed, Atta Ullah, Kashif Munir, Humaira Ijaz (2020) A job scheduling algorithm for delay and performance optimization in fog computing, In: Concurrency and computation 32(7)

    Saeed Javanmardi, MOHAMMAD SHOJAFAR, Reza Mohammadi, Amin Nazari, Valerio Persico, Antonio Pescapè (2021) FUPE: A security driven task scheduling approach for SDN-based IoT–Fog networks, In: Journal of information security and applications 60, Elsevier Ltd

    Fog computing is a paradigm to overcome the cloud computing limitations which provides low latency to the users’ applications for the Internet of Things (IoT). Software-defined networking (SDN) is a practical networking infrastructure that provides a great capability in managing network flows. SDN switches are powerful devices, which can be used as fog devices/fog gateways simultaneously. Hence, fog devices are more vulnerable to several attacks. TCP SYN flood attack is one of the most common denial of service attacks, in which a malicious node produces many half-open TCP connections on the targeted computational nodes so as to break them down. Motivated by this, in this paper, we apply SDN concepts to address TCP SYN flood attacks in IoT–fog networks. We propose FUPE, a security-aware task scheduler in IoT–fog networks. FUPE puts forward a fuzzy-based multi-objective particle swarm optimization approach to aggregate optimal computing resources and providing a proper level of security protection into one synthetic objective to find a single proper answer. We perform extensive simulations on an IoT-based scenario to show that the FUPE algorithm significantly outperforms state-of-the-art algorithms. The simulation results indicate that, by varying the attack rates, the number of fog devices, and the number of jobs, the average response time of FUPE improved by 11% and 17%, and the network utilization of FUPE improved by 10% and 22% in comparison with Genetic and Particle Swarm Optimization algorithms, respectively.

    Luca Chiaraviglio, Fabio D'Andreagiovanni, Riccardo Lancellotti, MOHAMMAD SHOJAFAR, Nicola Blefari‐Melazzi, Claudia Canali (2018) An Approach to Balance Maintenance Costs and Electricity Consumption in Cloud Data Centers, In: IEEE transactions on sustainable computing 3(4), pp. 274-288, IEEE

    We target the problem of managing the power states of the servers in a Cloud Data Center (CDC) to jointly minimize the electricity consumption and the maintenance costs derived from the variation of power (and consequently of temperature) on the servers' CPU. More in detail, we consider a set of virtual machines (VMs) and their requirements in terms of CPU and memory across a set of Time Slots (TSs). We then model the consumed electricity by taking into account the VMs processing costs on the servers, the costs for transferring data between the VMs, and the costs for migrating the VMs across the servers. In addition, we employ a material-based fatigue model to compute the maintenance costs needed to repair the CPU, as a consequence of the variation over time of the server power states. After detailing the problem formulation, we design an original algorithm, called Maintenance and Electricity Costs Data Center (MECDC), to solve it. Our results, obtained over several scenarios from a real CDC, show that MECDC largely outperforms two reference algorithms, which instead either target the load balancing or the energy consumption of the servers.

    MOHAMMAD SHOJAFAR, Nicola Cordeschi, Enzo Baccarelli (2019) Energy-Efficient Adaptive Resource Management for Real-Time Vehicular Cloud Services, In: IEEE transactions on cloud computing 7(1), pp. 196-209, IEEE Computer Society

    Providing real-time cloud services to Vehicular Clients (VCs) must cope with delay and delay-jitter issues. Fog computing is an emerging paradigm that aims at distributing small-size self-powered data centers (e.g., Fog nodes) between remote Clouds and VCs, in order to deliver data-dissemination real-time services to the connected VCs. Motivated by these considerations, in this paper, we propose and test an energy-efficient adaptive resource scheduler for Networked Fog Centers (NetFCs). They operate at the edge of the vehicular network and are connected to the served VCs through Infrastructure-to-Vehicular (I2V) TCP/IP-based single-hop mobile links. The goal is to exploit the locally measured states of the TCP/IP connections, in order to maximize the overall communication-plus-computing energy efficiency, while meeting the application-induced hard QoS requirements on the minimum transmission rates, maximum delays and delay-jitters. The resulting energy-efficient scheduler jointly performs: (i) admission control of the input traffic to be processed by the NetFCs; (ii) minimum-energy dispatching of the admitted traffic; (iii) adaptive reconfiguration and consolidation of the Virtual Machines (VMs) hosted by the NetFCs; and, (iv) adaptive control of the traffic injected into the TCP/IP mobile connections. The salient features of the proposed scheduler are that: (i) it is adaptive and admits distributed and scalable implementation; and, (ii) it is capable of providing hard QoS guarantees, in terms of minimum/maximum instantaneous rates of the traffic delivered to the vehicular clients, instantaneous rate-jitters and total processing delays.
Actual performance of the proposed scheduler in the presence of: (i) client mobility; (ii) wireless fading; and, (iii) reconfiguration and consolidation costs of the underlying NetFCs, is numerically tested and compared against the corresponding ones of some state-of-the-art schedulers, under both synthetically generated and measured real-world workload traces.

    Mohammad M Tajiki, MOHAMMAD SHOJAFAR, Behzad Akbari, Stefano Salsano, M Conti, Mukesh Singhal (2019) Joint failure recovery, fault prevention, and energy-efficient resource management for real-time SFC in fog-supported SDN, In: Computer networks (Amsterdam, Netherlands : 1999) 162, Elsevier B.V

    Middleboxes have become a vital part of modern networks by providing services such as load balancing, optimization of network traffic, and content filtering. A sequence of middleboxes comprising a logical service is called a Service Function Chain (SFC). In this context, the main issues are to maintain an acceptable level of network path survivability and a fair allocation of the resource between different demands in the event of faults or failures. In this paper, we focus on the problems of traffic engineering, failure recovery, fault prevention, and SFC with reliability and energy consumption constraints in Software Defined Networks (SDN). These types of deployments use Fog computing as an emerging paradigm to manage the distributed small-size traffic flows passing through the SDN-enabled switches (possibly Fog Nodes). The main aim of this integration is to support service delivery in real-time, failure recovery, and fault-awareness in an SFC context. Firstly, we present an architecture for Failure Recovery and Fault Prevention called FRFP; this is a multi-tier structure in which the real-time traffic flows pass through SDN-enabled switches to jointly decrease the network side-effects of flow rerouting and energy consumption of the Fog Nodes. We then mathematically formulate an optimization problem called the Optimal Fog-Supported Energy-Aware SFC rerouting algorithm (OFES) and propose a near-optimal heuristic called Heuristic OFES (HFES) to solve the corresponding problem in polynomial time. In this way, the energy consumption and the reliability of the selected paths are optimized, while the Quality of Service (QoS) constraints are met and the network congestion is minimized. In a reliability context, the focus of this work is on fault prevention; however, since we use a reallocation technique, the proposed scheme can be used as a failure recovery scheme. 
We compare the performance of HFES and OFES in terms of energy consumption, average path length, fault probability, network side-effects, link utilization, and Fog Node utilization. Additionally, we analyze the computational complexity of HFES. We use a real-world network topology to evaluate our algorithm. The simulation results show that the heuristic algorithm is applicable to large-scale networks.

    Pedram Asef, Rahim Taheri, Mohammad Shojafar, Iosif Mporas, Rahim Tafazolli (2022) SIEMS: A Secure Intelligent Energy Management System for Industrial IoT applications, In: IEEE Transactions on Industrial Informatics, Institute of Electrical and Electronics Engineers (IEEE)

    In this work, we deploy a one-day-ahead prediction algorithm using a deep neural network for a fast-response BESS in an intelligent energy management system (I-EMS) that is called SIEMS. The main role of the SIEMS is to maintain the state of charge at high rates based on the one-day-ahead information about solar power, which depends on meteorological conditions. The remaining power is supplied by the main grid for sustained power streaming between BESS and end-users. Considering the usage of information and communication technology components in the microgrids, the main objective of this paper is focused on the hybrid microgrid performance under cyber-physical security adversarial attacks. Fast gradient sign, basic iterative, and DeepFool methods are investigated for the first time in power systems (e.g., smart grid and microgrids) in order to produce perturbation for training data.

    Han Liu, Dezhi Han, Mingming Cui, Kuan-Ching Li, Alireza Souri, Mohammad Shojafar (2023) IdenMultiSig: Identity-Based Decentralized Multi-Signature in Internet of Things, In: IEEE transactions on computational social systems

    Most devices in the Internet of Things (IoT) work on unsafe networks and are constrained by limited computing, power, and storage resources. Since the existing centralized signature schemes cannot address the challenges to security and efficiency in IoT identification, this article proposes IdenMultiSig, a decentralized multi-signature protocol that combines identity-based signature (IBS) with Schnorr scheme under discrete logarithms on elliptic curves. First, to solve the problem of offline or faulty devices under unstable networks, we introduce a novel improvement of the existing Schnorr scheme by introducing a threshold Merkle tree for the verification with only m valid signatures among n participants (m–n tree), while hiding the real identity to protect the data security and privacy of IoT nodes. Furthermore, to prevent dishonest or malicious behavior of the private key generator (PKG), a consortium blockchain is innovatively applied to replace the traditional PKG as a decentralized and trusted private key issuer. Finally, the proposed scheme is proven to be unforgeable against forgery signature attacks in the random oracle model (ROM) under the elliptic curve discrete logarithm (ECDL) assumption. Theoretical analysis and experimental results show that our scheme matches or outperforms existing research studies in privacy protection, offline device support, decentralized PKG, and provable security.

    Sadoon Azizi, MOHAMMAD SHOJAFAR, Jemal Abawajy, Rajkumar Buyya (2022) Deadline-aware and energy-efficient IoT task scheduling in fog computing systems: A semi-greedy approach, In: Journal of network and computer applications 201, Elsevier Ltd

    With the rapid advancement of Internet of Things (IoT) devices, a variety of IoT applications that require a real-time response and low latency have emerged. Fog computing has become a viable platform for processing emerging IoT applications. However, fog computing devices tend to be highly distributed, dynamic, and resource-constrained, so deploying fog computing resources effectively for executing heterogeneous and delay-sensitive IoT tasks is a fundamental challenge. In this paper, we mathematically formulate the task scheduling problem to minimize the total energy consumption of fog nodes (FNs) while meeting the quality of service (QoS) requirements of IoT tasks. We also consider the minimization of the deadline violation time in our model. Next, we propose two semi-greedy based algorithms, namely priority-aware semi-greedy (PSG) and PSG with multistart procedure (PSG-M), to efficiently map IoT tasks to FNs. We evaluate the performance of the proposed task scheduling approaches with respect to the percentage of IoT tasks that meet their deadline requirement, total energy consumption, total deadline violation time, and the system’s makespan. Compared with existing algorithms, the experiment results confirm that the proposed algorithms improve the percentage of tasks meeting their deadline requirement up to 1.35x and decrease the total deadline violation time up to 97.6% compared to the second-best results, respectively, while the energy consumption of fog resources and makespan of the system are optimized.

    Huadong Liu, Tianlong Gu, Mohammad Shojafar, Mamoun Alazab, Yining Liu (2022) OPERA: OPtional dimEnsional pRivacy-preserving data Aggregation for Smart Healthcare Systems, In: IEEE Transactions on Industrial Informatics, pp. 1-10, Institute of Electrical and Electronics Engineers (IEEE)

    Massive multidimensional health data collected from Internet of Things (IoT) devices are driving a new era of smart health, and with it come privacy concerns. Privacy-preserving data aggregation (PDA) is a proven solution providing statistics while hiding raw data. However, existing PDA schemes ignore the willingness of data owners to share, so data owners may refuse to share data. To increase their willingness to contribute data, we propose an OPtional dimEnsional pRivacy-preserving data Aggregation scheme, OPERA, to provide data contributors with options on sharing dimensions while keeping their choices and data private. OPERA uses selection vectors to represent the decisions of users and count participants dimensionally and achieves data privacy and utility based on a multi-secret sharing method and symmetric homomorphic cryptography. Analyses show that in OPERA, the probability of adversaries breaching privacy is less than 4.68e-97. Performance evaluations demonstrate that OPERA is outstanding in computation and practical communication.

    Z-H Zhou, Mohammad Shojafar, Mamoun Alazab, Fangmin Li (2022) IECL: An Intelligent Energy Consumption Model for Cloud Manufacturing, In: IEEE Transactions on Industrial Informatics, Institute of Electrical and Electronics Engineers (IEEE)

    The high computational capability provided by a data centre makes it possible to solve complex manufacturing issues and carry out large-scale collaborative cloud manufacturing. Accurate, real-time estimation of the power required by a data centre can help resource providers predict the total power consumption and improve resource utilisation. To enhance the accuracy of server power models, we propose a real-time energy consumption prediction method called IECL that combines the support vector machine, random forest, and grid search algorithms. The random forest algorithm is used to screen the input parameters of the model, while the grid search method is used to optimise the hyperparameters. The error confidence interval is also leveraged to describe the uncertainty in the energy consumption by the server. Our experimental results suggest that the average absolute error for different workloads is less than 1.4% with benchmark models.

    Bushra Jamil, Humaira Ijaz, Mohammad Shojafar, Kashif Munir (2023) IRATS: A DRL-based intelligent priority and deadline-aware online resource allocation and task scheduling algorithm in a vehicular fog network, In: Ad hoc networks 141, 103090, Elsevier B.V

    Cloud computing platforms support the Internet of Vehicles, but the main bottlenecks are high latency and massive data transmission in cloud-based processing. Vehicular fog computing has emerged as a promising paradigm to accommodate the increasing computational needs of vehicles. It provides low latency network services that are most important for latency-sensitive tasks. The dynamic nature of VFC, having vehicles with heterogeneous computing resources, vehicle mobility, and diverse tasks with different priorities are the main challenges in vehicular fog networks. In VFC, vehicles can share their idle compute resources with other task-generating vehicles. So, scheduling the tasks on the idle resources of resource-limited vehicles is very important. Existing solutions use a heuristic approach to solve this issue but lack generalizability and adaptability. In this paper, we describe a PPO-based intelligent, priority and deadline-aware online and distributed resource allocation and task scheduling algorithm, called IRATS, in vehicular fog networks. IRATS formulates the resource allocation problem as a Markov decision process to minimize the waiting time and delay of tasks. For vehicles sharing their idle resources, we design a task scheduler for the orderly execution of received tasks according to their priorities using multi-level queues. We conducted extensive simulations using SUMO, OMNeT++, Veins, and veins-gym to validate the effectiveness of the presented algorithm. The simulation results confirm that the proposed algorithm improves the percentage of in-time completed tasks and decreases the packet loss, waiting time, and end-to-end delay as compared to random, A2C, and DQN algorithms considering the task priority and link duration of vehicles.

    Sadoon Azizi, MOHAMMAD SHOJAFAR, Jemal Abawajy, Rajkumar Buyya (2020) GRVMP: A Greedy Randomized Algorithm for Virtual Machine Placement in Cloud Data Centers, In: IEEE systems journal, pp. 1-12, IEEE

    Cloud computing efficiency greatly depends on the efficiency of the virtual machines (VMs) placement strategy used. However, VM placement has remained one of the major challenging issues in cloud computing mainly because of the heterogeneity in both virtual and physical machines (PMs), the multidimensionality of the resources, and the increasing scale of the cloud data centers (CDCs). An inefficiency in VM placement strategy has a significant influence on the quality of service provided, the amount of energy consumed, and the running costs of the CDCs. To address these issues, in this article, we propose a greedy randomized VM placement (GRVMP) algorithm in a large-scale CDC with heterogeneous and multidimensional resources. GRVMP is inspired by the "power of two choices" model and places VMs on the more power-efficient PMs to jointly optimize CDC energy usage and resource utilization. The performance of GRVMP is evaluated using synthetic and real-world production scenarios (Amazon EC2) with several performance metrics. The results of the experiment confirm that GRVMP jointly optimizes power usage and the overall wastage of resource utilization. The results also show that GRVMP significantly outperforms the baseline schemes in terms of the performance metrics used.

    Saeed Javanmardi, Mohammad Shojafar, Reza Mohammadi, Valerio Persico, Antonio Pescapè (2023) S-FoS: A secure workflow scheduling approach for performance optimization in SDN-based IoT-Fog networks, In: Journal of information security and applications 72, 103404, Elsevier Ltd

    Fog computing aims to provide resources to cloud data centers at the network’s edge to support time-critical Internet of Things (IoT) applications with low-latency requirements. Protecting the IoT-Fog resources and the scheduling services from threats is critical for executing the users’ requests in the IoT-Fog network. Proper scheduling algorithms are essential to fulfill the requirements of users’ applications properly and fully harness the potential of IoT-Fog resources. Software-Defined Networking (SDN) is a structure that decouples the control plane from the data plane, resulting in more flexible management. That eases the implementation of security mechanisms in the IoT-Fog networks. In SDN-based IoT-Fog networks, SDN switches and controllers can serve as fog gateways/cloud gateways. SDN switches and controllers, on the other hand, are more susceptible to a variety of assaults, making the SDN controller a bottleneck and thus prone to control plane saturation. IoT devices are inherently insecure, making the IoT-Fog network vulnerable to a variety of attacks. This paper presents S-FoS, an SDN-based security-aware workflow scheduler for IoT-Fog networks. The proposed approach defends scheduling services against distributed denial of service (DDoS) and port scanning assaults. S-FoS is a joint security and performance optimization approach that uses fuzzy-based anomaly detection algorithms to identify the source of attacks and block malicious requestors. It also uses an NSGA-III multi-objective scheduler optimization approach to consider load balancing and delay simultaneously. We show that the S-FoS outperforms state-of-the-art algorithms in IoT-based scenarios through comprehensive simulations.
The experiments indicate that by varying the attack rates, the number of IoT devices, and the number of fog devices, the response time of S-FoS could be improved by 31% and 18%, and the network utilization of S-FoS could be improved by 9% and 4%, respectively, compared to the NSGA-II and MOPSO algorithms.

    Enzo Baccarelli, Nicola Cordeschi, Alessandro Mei, Massimo Panella, MOHAMMAD SHOJAFAR, Julinda Stefa (2016) Energy-efficient dynamic traffic offloading and reconfiguration of networked data centers for big data stream mobile computing: review, challenges, and a case study, In: IEEE network 30(2), pp. 54-61, IEEE

    Big data stream mobile computing is proposed as a paradigm that relies on the convergence of broadband Internet mobile networking and real-time mobile cloud computing. It aims at fostering the rise of novel self-configuring integrated computing-communication platforms for enabling in real time the offloading and processing of big data streams acquired by resource-limited mobile/wireless devices. This position article formalizes this paradigm, discusses its most significant application opportunities, and outlines the major challenges in performing real-time energy-efficient management of the distributed resources available at both mobile devices and Internet-connected data centers. The performance analysis of a small-scale prototype is also included in order to provide insight into the energy vs. performance tradeoff that is achievable through the optimized design of the resource management modules. Performance comparisons with some state-of-the-art resource managers corroborate the discussion. Hints for future research directions conclude the article.

    Shvan Omer, Sadoon Azizi, MOHAMMAD SHOJAFAR, RAHIM TAFAZOLLI (2021) A Priority, Power and Traffic-aware Virtual Machine Placement of IoT Applications in Cloud Data Centers, In: Journal of systems architecture 115

    Recent telecommunication paradigms, such as big data, Internet of Things (IoT), ubiquitous edge computing (UEC), and machine learning, are encountering a tremendous number of complex applications that require different priorities and resource demands. These applications usually consist of a set of virtual machines (VMs) with some predefined traffic load between them. The efficiency of a cloud data center (CDC) as a prominent component in UEC significantly depends on the efficiency of its VM placement algorithm applied. However, VM placement is an NP-hard problem and thus there exists practically no optimal solution for this problem. In this paper, motivated by this, we propose a priority, power and traffic-aware approach for efficiently solving the VM placement problem in a CDC. Our approach aims to jointly minimize power consumption, network consumption and resource wastage in a multi-dimensional and heterogeneous CDC. To evaluate the performance of the proposed method, we compared it to the state-of-the-art on a fat-tree topology under various experiments. Results demonstrate that the proposed method is capable of reducing the total network consumption up to 29%, the consumption of power up to 18%, and the wastage of resources up to 68%, compared to the second-best results.

    Alireza Souri, V Piuri, Mohammad Shojafar, Eyhab Al-Masri, Saru Kumari (2022) Green energy-efficient computing solutions in Internet of Things communications, In: International Journal of Communication Systems 35(1), e5046, Wiley

    Over the last decade, the Internet of Things (IoT) had impressive growth and became the new direction of information technology. Also, the energy consumption has reached distressing rates due to the large scale of digital context, a number of subscribers, and the number of smart devices.1 By capturing and processing sensitive information in human life, the IoT devices and cloud data centers are increasing energy consumption with a high carbon emission phenomenon. In the IoT ecosystem, intelligent applications require to select smart devices with low energy consumption and battery saving because all smart devices have limited battery life and may lead to disconnect data transmission. However, it is challenging to design a fully optimized framework due to the interconnected nature of smart devices with different technologies. On the other hand, green energy-efficient computing has become a potential research focus in the IoT environment.2 Finally, energy consumption techniques are incoming a more advanced stage in the IoT communications. Also, green energy-efficient techniques can use on-demand protocols, machine learning, deep learning, and artificial intelligence methods to manage cost-effective and power-saving methods on smart devices in IoT communications. To this point, green energy-efficient computing solutions in IoT systems have emerging efforts and high potential to evaluate the critical points and safety conditions. The goal of this special issue is to highlight the latest research focusing on green energy-efficient computing solutions in IoT systems to address the challenges and critical points. We also aim to invite researchers to publish selected original articles presenting intelligent trends to solve new challenges of new problems. We are also interested in review articles as the state-of-the-art of this topic, showing recent major advances and discoveries, significant gaps in the research, and new future issues. 
This special issue provides a new platform for researchers and scientific experts to share and analyze existing technical case studies to the field of energy-efficient computing solutions in the IoT environments. Our special issue has attracted 35 manuscripts. After a peer review process, 10 papers have been selected for publication in this special issue. Details of these selected papers are presented in the next section.

    Meysam Ghahramani, Reza Javidan, MOHAMMAD SHOJAFAR, Rahim Taheri, Mamoun Alazab, RAHIM TAFAZOLLI (2021) RSS: An Energy-Efficient Approach for Securing IoT Service Protocols Against the DoS Attack, In: IEEE Internet of Things Journal 8(5), pp. 3619-3635, IEEE

    Authentication protocols are powerful tools to ensure confidentiality as an important feature of Internet of Things (IoT). The Denial-of-Service (DoS) attack is one of the significant threats to availability, as another essential feature of IoT, which deprives users of services by consuming the energy of IoT nodes. On the other hand, computational intelligence algorithms can be applied to solve such issues in the network and cyber domains. Motivated by this, this article links these concepts. To do so, we analyze two lightweight authentication protocols, present a DoS attack inspired by users' misbehavior and suggest a solution called received signal strength, which is easy to compute, applicable for resisting against different kinds of vulnerabilities in Internet protocols, and feasible for practical implementations. We implement it on two scenarios for locating attackers, investigate the effects of IoT devices' internal error on locating, and propose an optimization problem to find the exact location of attackers, which is efficiently solvable for computational intelligence algorithms, such as TLBO. Besides, we analyze the solutions for unreliable results of accurate devices and provide a solution to detect attackers with less than 12-cm error and the false alarm probability of 0.7%.

    Zheng Chu, Pei Xiao, Mohammad Shojafar, De Mi, Juquan Mao, Wanming Hao (2020) Intelligent Reflecting Surface Assisted Mobile Edge Computing for Internet of Things, In: IEEE Wireless Communications Letters, pp. 1-1, IEEE

    This paper studies the impact of an intelligent reflecting surface (IRS) on computational performance in a mobile edge computing (MEC) system. Specifically, an access point (AP) equipped with an edge server provides MEC services to multiple Internet of Things (IoT) devices that choose to offload a portion of their own computational tasks to the AP with the remaining portion being locally computed. We deploy an IRS to enhance the computational performance of the MEC system by intelligently adjusting the phase shift of each reflecting element. A joint design problem is formulated for the considered IRS assisted MEC system, aiming to optimize its sum computational bits and taking into account the CPU frequency, the offloading time allocation, transmit power of each device as well as the phase shifts of the IRS. To deal with the non-convexity of the formulated problem, we conduct our algorithm design by finding the optimized phase shifts first and then achieving the jointly optimal solution of the CPU frequency, the transmit power and the offloading time allocation by considering the Lagrange dual method and Karush-Kuhn-Tucker (KKT) conditions. Numerical evaluations highlight the advantage of the IRS-assisted MEC system in comparison with the benchmark schemes.

    Mamoun Alazab, Ameer Al-Nemrat, MOHAMMAD SHOJAFAR, Shahd Al-Janabi (2021) Foreword: Special Issue on Trends in Artificial Intelligence and Data Analytics for an Ethical and Inclusive Digitalized Society, In: International journal of uncertainty, fuzziness, and knowledge-based systems 29(Suppl 2), World Scientific Publishing Co. Pte Ltd

    Artificial Intelligence (AI) and Data Analytics play a crucial role in building a digitalized society that is ethical and inclusive. AI is a simulation that is trained to learn and mimic human behaviour. These AI algorithms are capable of learning from their mistakes and doing tasks that are comparable to those performed by humans. AI will have a significant impact on our quality of life as it develops. The main aim of any tool and approach is to simplify human effort and aid us in making better decisions. Data Analytics helps in analyzing raw data in order to draw inferences from it. These techniques and processes have been automated in order to deal with raw data, which is intended for human consumption. The combination of both these techniques will help humans to evolve further in field of research and will enhance the decision making process...

    Mohammad M Tajiki, MOHAMMAD SHOJAFAR, Behzad Akbari, Stefano Salsano, M Conti (2019) Software defined service function chaining with failure consideration for fog computing, In: Concurrency and computation 31(8) pp. e4953-n/a

    Middleboxes have become a vital part of modern networks by providing services such as load balancing, optimization of network traffic, and content filtering. A sequence of middleboxes comprising a logical service is called a Service Function Chain (SFC). In this context, the main issues are to maintain an acceptable level of network path survivability and a fair allocation of the resource between different demands in the event of faults or failures. In this paper, we focus on the problems of traffic engineering, failure recovery, fault prevention, and SFC with reliability and energy consumption constraints in Software Defined Networks (SDN). These types of deployments use Fog computing as an emerging paradigm to manage the distributed small‐size traffic flows passing through the SDN‐enabled switches (possibly Fog Nodes). The main aim of this integration is to support service delivery in real‐time failure recovery in an SFC context. First, we present an architecture for Failure Recovery called FRFP; this is a multi‐tier structure in which the real‐time traffic flows pass through SDN‐enabled switches to jointly decrease the network side‐effects of flow rerouting and energy consumption of the Fog Nodes. We then mathematically formulate an optimization problem called the Optimal Fast Failure Recovery algorithm (OFFR) and propose a near‐optimal heuristic called Heuristic HFFR to solve the corresponding problem in polynomial time. In this way, the reliability of the selected paths is optimized, while the network congestion is minimized.

    Haleh Amintoosi, Mahdi Nikooghadam, MOHAMMAD SHOJAFAR, Saru Kumari, Mamoun Alazab (2022) Slight: A lightweight authentication scheme for smart healthcare services, In: Computers & electrical engineering 99 107803 Elsevier Ltd

    Critical infrastructures (CIs) include the vital resources for the country’s economic and health systems and should be kept secure. We face improvements in the Internet of Things which brings benefits and, at the same time, dependency for CIs. Internet of Medical Things (IoMT) is among the CI sectors that gather health-related information from patients via sensors and provide healthcare services accordingly. However, research has highlighted that this large-scale system opens the door to the patients’ private data disclosure. Recent work has concentrated on proposing authentication schemes to address this challenge. Motivated by this, in this paper, we introduce a secure and lightweight authentication and key agreement model named Slight. We informally prove Slight’s security and robustness against attacks and formally by using the Scyther tool. We analyze Slight’s performance to show it causes minimal computational overhead (0.0076 ms) and comparable communication overhead (1632 bits), making it suitable for IoMT.

    • We propose secure and lightweight authentication and key agreement model named Slight for IoMT environments to provide privacy and security of patients’ health-related data.
    • The security of the proposed protocol is validated formally through the Scyther tool.
    • The proposed protocol provides resistance against well-known potential security attacks.
    • The performance analysis showed that proposed protocol is more efficient than other competing protocols in terms of computational and communication overhead.

    Z-H Zhou, MOHAMMAD SHOJAFAR, R Li, RAHIM TAFAZOLLI (2022) EVCT: An efficient VM deployment algorithm for a software-defined data center in a connected and autonomous vehicle environment, In: IEEE Transactions on Green Communications and Networking IEEE

    Software-defined data centers (SDDC) are an emerging softwarized model that can monitor the virtual machines' allocation atop the cloud servers. SDDC consists of softwarized entities like Virtual Machine (VM) and hardware entities like servers and connected switches. SDDCs apply VM deployment algorithms to preserve efficient placement and processing data traffic generated from the Connected and Autonomous Vehicles (CAV). To enhance user satisfaction, SDDC providers are always looking for an intellectual model to monitor large-scale incoming traffics, such as the Internet of Things (IoT) and CAV applications, by optimizing service quality and service level agreement (SLA). This paper is motivated by this, raising an energy-efficient VM cluster placement algorithm named EVCT to handle service quality and SLA issues in an SDDC in a CAV environment. EVCT algorithm leverages the similarity between VMs and models the problem of VM deployment into a weighted directed graph. Based on the amount of traffic between VM, EVCT adopts the "maximum flow and minimum cut theory" to cut the directed graph and achieve high energy-efficient placement for VMs. The proposed algorithm can efficiently reduce the energy consumption cost, provide a high quality of services (QoS) to users, and have good scalability for the variable workload. We have also carried out a series of experiments to use the real-world workload to evaluate the performance of the EVCT. The results illustrate that the EVCT surpasses the state-of-the-art algorithms in terms of energy consumption cost and efficiency.

    Mohammad M Tajiki, Behzad Akbari, MOHAMMAD SHOJAFAR, Nader Mokari (2017) Joint QoS and Congestion Control Based on Traffic Prediction in SDN, In: Applied sciences 7(12)

    Marjan Golmaryami, Rahim Taheri, ZAHRA POORANIAN, MOHAMMAD SHOJAFAR, PEI XIAO (2022) SETTI: A Self-supervised Adversarial Malware Detection Architecture in an IoT Environment, In: ACM transactions on multimedia computing, communications and applications

    In recent years, malware detection has become an active research topic in the area of Internet of Things (IoT) security. The principle is to exploit knowledge from large quantities of continuously generated malware. Existing algorithms practice available malware features for IoT devices and lack real-time prediction behaviors. More research is thus required on malware detection to cope with real-time misclassification of the input IoT data. Motivated by this, in this paper we propose an adversarial self-supervised architecture for detecting malware in IoT networks, SETTI, considering samples of IoT network traffic that may not be labeled. In the SETTI architecture, we design three self-supervised attack techniques, namely Self-MDS, GSelf-MDS and ASelf-MDS. The Self-MDS method considers the IoT input data and the adversarial sample generation in real-time. The GSelf-MDS builds a generative adversarial network model to generate adversarial samples in the self-supervised structure. Finally, ASelf-MDS utilizes three well-known perturbation sample techniques to develop adversarial malware and inject it over the self-supervised architecture. Also, we apply a defence method to mitigate these attacks, namely adversarial self-supervised training to protect the malware detection architecture against injecting the malicious samples. To validate the attack and defence algorithms, we conduct experiments on two recent IoT datasets: IoT23 and NBIoT. Comparison of the results shows that in the IoT23 dataset, the Self-MDS method has the most damaging consequences from the attacker's point of view by reducing the accuracy rate from 98% to 74%. In the NBIoT dataset, the ASelf-MDS method is the most devastating algorithm that can plunge the accuracy rate from 98% to 77%.

    Rahim Taheri, Reza Javidan, MOHAMMAD SHOJAFAR, P Vinod, M Conti (2020) Can machine learning model with static features be fooled: an adversarial machine learning approach, In: Cluster computing 23(4) pp. 3233-3253

    The widespread adoption of smartphones dramatically increases the risk of attacks and the spread of mobile malware, especially on the Android platform. Machine learning-based solutions have been already used as a tool to supersede signature-based anti-malware systems. However, malware authors leverage features from malicious and legitimate samples to estimate statistical difference in order to create adversarial examples. Hence, to evaluate the vulnerability of machine learning algorithms in malware detection, we propose five different attack scenarios to perturb malicious applications (apps). By doing this, the classification algorithm inappropriately fits the discriminant function on the set of data points, eventually yielding a higher misclassification rate. Further, to distinguish the adversarial examples from benign samples, we propose two defense mechanisms to counter attacks. To validate our attacks and solutions, we test our model on three different benchmark datasets. We also test our methods using various classifier algorithms and compare them with the state-of-the-art data poisoning method using the Jacobian matrix. Promising results show that generated adversarial samples can evade detection with a very high probability. Additionally, evasive variants generated by our attack models when used to harden the developed anti-malware system improve the detection rate up to 50% when using the generative adversarial network (GAN) method.

    Rahim Taheri, MOHAMMAD SHOJAFAR, Mamoun Alazab, RAHIM TAFAZOLLI (2020) FED-IIoT: A Robust Federated Malware Detection Architecture in Industrial IoT, In: IEEE transactions on industrial informatics pp. 1-1 IEEE

    The sheer volume of IIoT malware is one of the most serious security threats in today's interconnected world, with new types of advanced persistent threats and advanced forms of obfuscations. This paper presents a robust Federated Learning-based architecture called Fed-IIoT for detecting Android malware applications in IIoT. Fed-IIoT consists of two parts: i) the participant side, where the data are triggered by two dynamic poisoning attacks based on a generative adversarial network (GAN) and Federated Generative Adversarial Network (FedGAN); and ii) the server side, which aims to monitor the global model and shape a robust collaboration training model by avoiding anomaly in aggregation by GAN network (A3GAN) and adjusting two GAN-based countermeasure algorithms. One of the main advantages of Fed-IIoT is that devices can safely participate in the IIoT and efficiently communicate with each other, with no privacy issues. We evaluate our solution through experiments on various features using three IoT datasets. The results confirm the high accuracy rates of our attack and defence algorithms and show that the A3GAN defensive approach preserves the robustness of data privacy for Android mobile users and achieves about 8% higher accuracy than existing state-of-the-art solutions.

    MOHAMMAD SHOJAFAR, Mithun Mukherjee, V Piuri, Jemal Abawajy (2021) Guest Editorial Security and Privacy of Federated Learning Solutions for Industrial IoT Applications, In: IEEE transactions on industrial informatics pp. 1-1 IEEE

    This special section solicits original research and practical contributions which advance the security and privacy of federated learning solutions for industrial IoT applications.

    Ke Wang, XUBO LIU, Chien-Ming Chen, Saru Kumari, MOHAMMAD SHOJAFAR, Mohammed Alamgir Hossain (2020) Voice-Transfer Attacking on Industrial Voice Control Systems in 5G-Aided IIoT Domain, In: IEEE transactions on industrial informatics pp. 1-1 IEEE

    At present, specific voice control has gradually become an important means for 5G-IoT-aided industrial control systems. However, the security of specific voice control systems needs to be improved, because the voice cloning technology may lead to industrial accidents and other potential security risks. In this paper, we propose a transductive voice transfer learning method to learn the predictive function from the source domain and fine-tune in the target domain adaptively. The target learning task and source learning task are both synthesizing speech signals from the given audio while the data sets of both domains are different. By adding different penalty values to each instance and minimizing the expected risk, an optimal precise model can be learned. Many details of the experimental results show that our method can effectively synthesize the speech of the target speaker with small samples.

    Ali Shahidinejad, Mostafa Ghobaei-Arani, Alireza Souri, MOHAMMAD SHOJAFAR, Saru Kumari (2021) Light-Edge: A Lightweight Authentication Protocol for IoT Devices in an Edge-Cloud Environment, In: IEEE consumer electronics magazine pp. 1-1 IEEE

    Due to the ever-growing use of active Internet devices, the Internet has achieved good popularity at present. The smart devices could connect to the Internet and communicate together that shape the Internet of Things (IoT). Such smart devices are generating data and are connecting to each other through edge-cloud infrastructure. Authentication of the IoT devices plays a critical role in the success of the integration of IoT, edge, and cloud computing technologies. The complexity and attack resistance of the authentication protocols are still the main challenges. Motivated by this, this paper introduces a lightweight authentication protocol for IoT devices named Light-Edge using a three-layer scheme, including IoT device layer, trust center at the edge layer, and cloud service providers. The results show the superiority of the proposed protocol against other approaches in terms of attack resistance, communication cost, and time cost.

    Ke Wang, Chien-Ming Chen, MOHAMMAD SHOJAFAR, Zhuoyu Tie, Mamoun Alazab, Saru Kumari (2022) AFFIRM: Provably Forward Privacy for Searchable Encryption in Cooperative Intelligent Transportation System, In: IEEE transactions on intelligent transportation systems IEEE

    With the construction of intelligent transportation, big data with heterogeneous, multi-source and massive characteristics has become an important carrier of cooperative intelligent transportation systems (C-ITS) and plays an important role. Big data in C-ITS can break through the restrictions between regions and entities and then learning cooperatively by sharing data. In addition, the combined efficiency and information integration advantages of big data are conducive to the construction of a comprehensive and three-dimensional traffic information system and can enhance traffic prediction. However, such substantial sensitive data, mainly on the cloud infrastructure, exposes several vulnerabilities like data leakages and privacy breaks, especially when data is shared for cooperative learning purposes. To address this, this paper proposes a forward privacy-preserving scheme, named AFFIRM, for multi-party encrypted sample alignment adopting cooperative learning in C-ITS. By introducing the searchable encryption method, we realize the sample alignment of cooperative learning in the multi-party encrypted data space. AFFIRM ensures encrypted sample alignment under the condition of forward privacy security. We have formally proved that the proposed scheme satisfies both forward security and validity. We have assessed AFFIRM by validating the potential threat of malicious tampering by privacy attackers and malicious personnel search for the aligned sample data and verify it. Finally, we numerically tested and compared AFFIRM against the corresponding ones of some state-of-the-art schemes under various record sizes, servers and processing.

    ZAHRA POORANIAN, MOHAMMAD SHOJAFAR, Jemal Abawajy, A Abraham (2015) An efficient meta-heuristic algorithm for grid computing, In: Journal of combinatorial optimization 30(3) pp. 413-434

    Paola G. Vinueza Naranjo, MOHAMMAD SHOJAFAR, Habib Mostafaei, ZAHRA POORANIAN, Enzo Baccarelli (2017) P-SEP: a prolong stable election routing algorithm for energy-limited heterogeneous fog-supported wireless sensor networks, In: The Journal of supercomputing 73(2) pp. 733-755

    Xindi Ma, Qi Jiang, Mohammad Shojafar, Mamoun Alazab, Sachin Kumar, Saru Kumari (2022) DisBezant: Secure and Robust Federated Learning Against Byzantine Attack in IoT-Enabled MTS, In: IEEE Transactions on Intelligent Transportation Systems pp. 1-11 Institute of Electrical and Electronics Engineers (IEEE)

    With the intelligentization of Maritime Transportation System (MTS), Internet of Things (IoT) and machine learning technologies have been widely used to achieve the intelligent control and routing planning for ships. As an important branch of machine learning, federated learning is the first choice to train an accurate joint model without sharing ships' data directly. However, there are still many unsolved challenges while using federated learning in IoT-enabled MTS, such as the privacy preservation and Byzantine attacks. To surmount the above challenges, a novel mechanism, namely DisBezant, is designed to achieve the secure and Byzantine-robust federated learning in IoT-enabled MTS. Specifically, a credibility-based mechanism is proposed to resist the Byzantine attack in non-iid (not independent and identically distributed) dataset which is usually gathered from heterogeneous ships. The credibility is introduced to measure the trustworthiness of uploaded knowledge from ships and is updated based on their shared information in each epoch. Then, we design an efficient privacy-preserving gradient aggregation protocol based on a secure two-party calculation protocol. With the help of a central server, we can accurately recognise the Byzantine attackers and update the global model parameters privately. Furthermore, we theoretically discussed the privacy preservation and efficiency of DisBezant. To verify the effectiveness of our DisBezant, we evaluate it over three real datasets and the results demonstrate that DisBezant can efficiently and effectively achieve the Byzantine-robust federated learning. Although 40% of the participant nodes are Byzantine attackers, our DisBezant can still recognise them and ensure the accurate model training.

    Rahim Taheri, Meysam Ghahramani, Reza Javidan, Mohammad Shojafar, Zahra Pooranian, M Conti (2020) Similarity-based Android malware detection using Hamming distance of static binary features, In: Future Generation Computer Systems 105 pp. 230-247 Elsevier

    In this paper, we develop four malware detection methods using Hamming distance to find similarity between samples which are first nearest neighbors (FNN), all nearest neighbors (ANN), weighted all nearest neighbors (WANN), and k-medoid based nearest neighbors (KMNN). In our proposed methods, we can trigger the alarm if we detect an Android app is malicious. Hence, our solutions help us to avoid the spread of detected malware on a broader scale. We provide a detailed description of the proposed detection methods and related algorithms. We include an extensive analysis to assess the suitability of our proposed similarity-based detection methods. In this way, we perform our experiments on three datasets, including benign and malware Android apps like Drebin, Contagio, and Genome. Thus, to corroborate the actual effectiveness of our classifier, we carry out performance comparisons with some state-of-the-art classification and malware detection algorithms, namely Mixed and Separated solutions, the program dissimilarity measure based on entropy (PDME) and the FalDroid algorithms. We test our experiments in a different type of features: API, intent, and permission features on these three datasets. The results confirm that accuracy rates of proposed algorithms are more than 90% and in some cases (i.e., considering API features) are more than 99%, and are comparable with existing state-of-the-art solutions.

    Seyed Farhad Aghili, Hamid Mala, MOHAMMAD SHOJAFAR, Pedro Peris-Lopez (2019) LACO: Lightweight Three-Factor Authentication, Access Control and Ownership Transfer Scheme for E-Health Systems in IoT, In: Future generation computer systems 96 pp. 410-424 Elsevier B.V

    The use of the Internet of Things (IoT) in the electronic health (e-health) management systems brings with it many challenges, including secure communications through insecure radio channels, authentication and key agreement schemes between the entities involved, access control protocols and also schemes for transferring ownership of vital patient information. Besides, the resource-limited sensors in the IoT have real difficulties in achieving this goal. Motivated by these considerations, in this work we propose a new lightweight authentication and ownership transfer protocol for e-health systems in the context of IoT (LACO in short). The goal is to propose a secure and energy-efficient protocol that not only provides authentication and key agreement but also satisfies access control and preserves the privacy of doctors and patients. Moreover, this is the first time that the ownership transfer of users is considered. In the ownership transfer phase of the proposed scheme, the medical server can change the ownership of patient information. In addition, the LACO protocol overcomes the security flaws of recent authentication protocols that were proposed for e-health systems, but are unfortunately vulnerable to traceability, de-synchronization, denial of service (DoS), and insider attacks. To avoid past mistakes, we present formal (i.e., conducted on ProVerif language) and informal security analysis for the LACO protocol. All this ensures that our proposed scheme is secure against the most common attacks in IoT systems. Compared to the predecessor schemes, the LACO protocol is both more efficient and more secure to use in e-health systems.

    • We present several serious security attacks against Zhang et al. scheme (called ZZTL). Our proposed attacks include user traceability, de-synchronization, DoS and insider attacks.
    • In order to increase the security level offered by ZZTL protocol, we fix all security faults found in this scheme.
    • We propose a new architecture involving three main entities. We also provide the access control mechanism during the authentication phase.
    • We also consider the situation where the current doctor of the patient wants to transfer her/his privileges to a new doctor (ownership transfer).
    • The security of the proposed scheme is examined from a formal (ProVerif language) and informal point of view.
    • The efficiency of our proposal is higher than the predecessor schemes. Therefore our scheme can be used for resource-constrained sensors in IoT systems.

    MOHAMMAD SHOJAFAR, ZAHRA POORANIAN, Mohammad Reza Meybodi, Mukesh Singhal (2015) ALATO: An efficient intelligent algorithm for time optimization in an economic grid based on adaptive stochastic Petri net, In: Journal of intelligent manufacturing 26(4) pp. 641-658

    Z-H Zhou, MOHAMMAD SHOJAFAR, Mamoun Alazab, Jemal Abawajy, FF Li (2021) AFED-EF: An Energy-efficient VM Allocation Algorithm for IoT Applications in a Cloud Data Center, In: IEEE Transactions on Green Communications and Networking pp. 1-1 IEEE

    Cloud Data Centers (CDCs) have become a vital computing infrastructure for enterprises. However, CDCs consume substantial energy due to the increased demand for computing power, especially for the Internet of Things (IoT) applications. Although a great deal of research in green resource allocation algorithms have been proposed to reduce the energy consumption of the CDCs, existing approaches mostly focus on minimizing the number of active Physical Machines (PMs) and rarely address the issue of load fluctuation and energy efficiency of the Virtual Machine (VM) provisions jointly. Moreover, existing approaches lack mechanisms to consider and redirect the incoming traffics to appropriate resources to optimize the Quality of Services (QoSs) provided by the CDCs. We propose a novel adaptive energy-aware VM allocation and deployment mechanism called AFED-EF for IoT applications to handle these problems. The proposed algorithm can efficiently handle the fluctuation of load and has good performance during the VM allocation and placement. We carried out extensive experimental analysis using a real-world workload based on more than a thousand PlanetLab VMs. The experimental results illustrate that AFED-EF outperforms other energy-aware algorithms in energy consumption, Service Level Agreements (SLA) violation, and energy efficiency.

    Mohammad M Tajiki, Stefano Salsano, Luca Chiaraviglio, MOHAMMAD SHOJAFAR, Behzad Akbari (2019) Joint Energy Efficient and QoS-Aware Path Allocation and VNF Placement for Service Function Chaining, In: IEEE eTransactions on network and service management 16(1) pp. 374-388 IEEE

    Service function chaining (SFC) allows the forwarding of traffic flows along a chain of virtual network functions (VNFs). Software defined networking (SDN) solutions can be used to support SFC to reduce both the management complexity and the operational costs. One of the most critical issues for the service and network providers is the reduction of energy consumption, which should be achieved without impacting the Quality of Service. In this paper, we propose a novel resource allocation architecture which enables energy-aware SFC for SDN-based networks, considering also constraints on delay, link utilization, server utilization. To this end, we formulate the problems of VNF placement, allocation of VNFs to flows, and flow routing as integer linear programming (ILP) optimization problems. Since the formulated problems cannot be solved (using ILP solvers) in acceptable timescales for realistic problem dimensions, we design a set of heuristics to find near-optimal solutions in timescales suitable for practical applications. We numerically evaluate the performance of the proposed algorithms over a real-world topology under various network traffic patterns. Our results confirm that the proposed heuristic algorithms provide near-optimal solutions (at most 14% optimality-gap) while their execution time makes them usable for real-life networks.

    Seyed Hossein Hosseini Nazhad, MOHAMMAD SHOJAFAR, Shahaboddin Shamshirband, M Conti (2018) An efficient routing protocol for the QoS support of large‐scale MANETs, In: International journal of communication systems 31(1) pp. e3384-n/a

    The hierarchical routing algorithm is categorized as a kind of routing method using node clustering to create a hierarchical structure in large‐scale mobile ad hoc network (LMANET). In this paper, we proposed a new hierarchical clustering algorithm (HCAL) and a corresponding protocol for hierarchical routing in LMANET. The HCAL is designed based on a cost metric in the form of the link expiration time and node's relative degree. Correspondingly, the routing protocol for HCAL adopts a reactive protocol to control the existing cluster head (CH) nodes and handle proactive nodes to be considered as a cluster in LMANET. Hierarchical clustering algorithm jointly utilizes table‐driven and on‐demand routing by using a combined weight metric to search dominant set of nodes. This set is composed by link expiration time and node's relative degree to establish the intra/intercommunication paths in LMANET. The performance of the proposed algorithm and protocol is numerically evaluated in average end‐to‐end delay, number of CH per round, iteration count between the CHs, average CH keeping time, normalized routing overhead, and packet delivery ratio over a number of randomly generated benchmark scenarios. Furthermore, to corroborate the actual effectiveness of the HCAL algorithm, extensive performance comparisons are carried out with some state‐of‐the‐art routing algorithms, namely, Dynamic Doppler Velocity Clustering, Signal Characteristic‐Based Clustering, Dynamic Link Duration Clustering, and mobility‐based clustering algorithms.

    In this paper, we proposed a hybrid hierarchical clustering algorithm (HCAL) for large‐scale ad hoc networks (LMANET) and a protocol for hierarchical routing related to it (HCAL‐R) based on the cost metric in the forms of the link expiration time and node's relative degree. Remarkable features of the HCAL algorithm are that (1) its implementation is distributed over the available mobile nodes and (2) it is capable to adapt to the (possibly, complex) network size with the high‐speed nodes over the LMANET. Both these features are attained by equipping each routing path by a cost metric function in cluster head (CH) election that acquires context information by the environment (eg, current state of the CHs and the keeping time of the CHs).

    Amir Javadpour, Forough Ja'fari, Tarik Taleb, Mohammad Shojafar (2022) A Cost-Effective MTD Approach for DDoS Attacks in Software-Defined Networks, In: The Institute of Electrical and Electronics Engineers, Inc. (IEEE) Conference Proceedings The Institute of Electrical and Electronics Engineers, Inc. (IEEE)

    Protecting large-scale networks, especially Software-Defined Networks (SDNs), against distributed attacks in a cost effective manner plays a prominent role in cybersecurity. One of the pervasive approaches to plug security holes and prevent vulnerabilities from being exploited is Moving Target Defense (MTD), which can be efficiently implemented in SDN as it needs comprehensive and proactive network monitoring. The critical key in MTD is to shuffle the least number of hosts with an acceptable security impact and keep the shuffling frequency low. In this paper, we have proposed an SDN-oriented Cost-effective Edge-based MTD Approach (SCEMA) to mitigate Distributed Denial of Service (DDoS) attacks at a lower cost by shuffling an optimized set of hosts that have the highest number of connections to the critical servers. These connections are named edges from a graph-theoretical point of view. We have designed a system based on SCEMA and simulated it in Mininet. The results show that SCEMA has lower (52.58%) complexity than the previous related MTD methods improving the security level by 14.32%.

    H Cheng, MOHAMMAD SHOJAFAR, Mamoun Alazab, Rahim Tafazolli, Yining Liu (2021) PPVF: Privacy-Preserving Protocol for Vehicle Feedback in Cloud-Assisted VANET, In: IEEE Transactions on Intelligent Transportation Systems pp. 1-13 Institute of Electrical and Electronics Engineers (IEEE)

    The vehicular ad hoc network (VANET) is a platform for exchanging information between vehicles and everything to enhance driver's driving experience and improve traffic conditions. The reputation system plays an essential role in judging whether to communicate with the target vehicle based on other vehicles' feedback. However, existing reputation systems ignore the privacy protection of feedback providers. Additionally, traditional VANET based on wireless sensor networks (WSNs) has limited power, storage, and processing capabilities, which cannot meet the real-world demands in a practical VANET deployment. Thus, we attempt to integrate cloud computing with VANET and propose a privacy-preserving protocol of vehicle feedback (PPVF) for cloud-assisted VANET. In cloud-assisted VANET, we integrate homomorphic encryption and data aggregation technology to design the scheme PPVF, in which with the assistance of the roadside units (RSU), cloud service provider (CSP) obtains the total number of vehicles with the corresponding parameters in the feedback for reputation calculation without violating individual feedback privacy. Simulation results and security analysis confirm that PPVF achieves effective privacy protection for vehicle feedback with acceptable computational and communication burden. Besides, the RSU is capable of handling 1999 messages for every 300ms, so as the number of vehicles in the communication domain increases, the PPVF has a lower message loss rate.

    Z-H Zhou, KIN MING LI, Jemal Abawajy, MOHAMMAD SHOJAFAR, Morshed Chowdhury, FF Li, Keqin Li (2021) An Adaptive Energy-aware Stochastic Task Execution Algorithm in Virtualized Networked Datacenters, In: IEEE transactions on sustainable computing IEEE

    Virtualized networked datacenters (VNDCs) are gaining considerable attention for stochastic task execution under real-time constraints. However, the problem of efficiently minimizing the high energy consumption while ensuring high quality of service (QoS) in VNDCs has not been fully addressed. Although many solutions have been proposed to address this challenge, they are not efficient and only consider one or two of the energy consuming resources of VNDCs. To this end, an adaptive energy-aware algorithm, MCEC, that efficiently reduces the energy consumption of VNDCs while ensuring high QoS is proposed. Different from the existing approaches, the MCEC algorithm considers energy consumed by computing resources, virtual machine (VM) reconfiguration, communication resources and storage media resources while meeting user QoS requirements defined in the service level agreement (SLA). To validate the effectiveness of our algorithm, we carried out extensive experiments and compared the performance of our algorithm with existing baseline algorithms. The results of the experiments show that our algorithm substantially outperforms the baseline algorithms with respect to reducing energy consumption while respecting the service level agreement.

    Habib Mostafaei, MOHAMMAD SHOJAFAR, M Conti (2021) TEL: Low-Latency Failover Traffic Engineering in Data Plane, In: IEEE Transactions on network and service management, pp. 1-14, IEEE

    Modern network applications demand low-latency traffic engineering in the presence of network failure, while preserving the quality of service constraints like delay and capacity. Fast Re-Route (FRR) mechanisms are widely used for traffic re-routing purposes in failure scenarios. Control plane FRR typically computes the backup forwarding rules to detour the traffic in the data plane when the failure occurs. This mechanism could be computed in the data plane with the emergence of programmable data planes. In this paper, we propose a system (called TEL) that contains two FRR mechanisms, namely, and . The first one computes backup forwarding rules in the control plane, satisfying max-min fair allocation. The second mechanism provides FRR in the data plane. Both algorithms require minimal memory on programmable data planes and are well-suited with modern line rate match-action forwarding architectures (e.g., PISA). We implement both mechanisms on P4 programmable software switches (e.g., BMv2 and Tofino) and measure their performance on various topologies. The obtained results from a datacenter topology show that our FRR mechanism can improve the flow completion time up to 4.6x-7.3x (i.e., small flows) and 3.1x-12x (i.e., large flows) compared to recirculation-based mechanisms, such as F10, respectively.

    Mohammad M Tajiki, Behzad Akbari, MOHAMMAD SHOJAFAR, Seyed Hesamedin Ghasemi Petroudi, Mahdi Latifi Barazandeh, Nader Mokari, Luca Chiaraviglio, Michael Zink (2018) CECT: Computationally Efficient Congestion-avoidance and Traffic Engineering in Software-defined Cloud Data Centers, In: Cluster computing 21(4), pp. 1881-1897

    The proliferation of cloud data center applications and network function virtualization (NFV) boosts dynamic and QoS dependent traffic into the data centers network. Currently, lots of network routing protocols are requirement agnostic, while other QoS-aware protocols are computationally complex and inefficient for small flows. In this paper, a computationally efficient congestion avoidance scheme, called CECT, for software-defined cloud data centers is proposed. The proposed algorithm, CECT, not only minimizes network congestion but also reallocates the resources based on the flow requirements. To this end, we use a routing architecture to reconfigure the network resources triggered by two events: 1) the elapsing of a predefined time interval, or, 2) the occurrence of congestion. Moreover, a forwarding table entries compression technique is used to reduce the computational complexity of CECT. In this way, we mathematically formulate an optimization problem and define a genetic algorithm to solve the proposed optimization problem. We test the proposed algorithm on real-world network traffic. Our results show that CECT is computationally fast and the solution is feasible in all cases. In order to evaluate our algorithm in terms of throughput, CECT is compared with ECMP (where the shortest path algorithm is used as the cost function). Simulation results confirm that the throughput obtained by running CECT is improved up to 3x compared to ECMP while packet loss is decreased up to 2x.

    MOHAMMAD SHOJAFAR, Claudia Canali, Riccardo Lancellotti, Jemal Abawajy (2020) Adaptive Computing-Plus-Communication Optimization Framework for Multimedia Processing in Cloud Systems, In: IEEE transactions on cloud computing 8(4), pp. 1162-1175, IEEE Computer Society

    A clear trend in the evolution of network-based services is the ever-increasing amount of multimedia data involved. This trend towards big-data multimedia processing finds its natural placement together with the adoption of the cloud computing paradigm, that seems the best solution to cope with the demands of a highly fluctuating workload that characterizes this type of services. However, as cloud data centers become more and more powerful, energy consumption becomes a major challenge both for environmental concerns and for economic reasons. An effective approach to improve energy efficiency in cloud data centers is to rely on traffic engineering techniques to dynamically adapt the number of active servers to the current workload. Towards this aim, we propose a joint computing-plus-communication optimization framework exploiting virtualization technologies, called MMGreen. Our proposal specifically addresses the typical scenario of multimedia data processing with computationally intensive tasks and exchange of a big volume of data. The proposed framework not only ensures users the Quality of Service (through Service Level Agreements), but also achieves maximum energy saving and attains green cloud computing goals in a fully distributed fashion by utilizing the DVFS-based CPU frequencies. To evaluate the actual effectiveness of the proposed framework, we conduct experiments with MMGreen under real-world and synthetic workload traces. The results of the experiments show that MMGreen may significantly reduce the energy cost for computing, communication and reconfiguration with respect to the previous resource provisioning strategies, respecting the SLA constraints.

    K Deepa, Radhamani G, Vinod P, MOHAMMAD SHOJAFAR, Neeraj Kumar, M Conti (2019) Identification of Android malware using refined system calls, In: Concurrency and computation 31(20)

    The ever increasing number of Android malware has always been a concern for cybersecurity professionals. Even though plenty of anti-malware solutions exist, we hypothesize that the performance of existing approaches can be improved by deriving relevant attributes through effective feature selection methods. In this paper, we propose a novel two-step feature selection approach based on Rough Set and Statistical Test named as RSST to extract refined system calls, which can effectively discriminate malware from benign apps. By refined set of system call, we mean the existence of highly relevant calls that are uniformly distributed throughout target classes. Moreover, an optimal attribute set is created, which is devoid of redundant system calls. To address the problem of higher dimensional attribute set, we derived suboptimal system call space by applying the proposed feature selection method to maximize the separability between malware and benign samples. Comprehensive experiments conducted on three datasets resulted in an accuracy of 99.9%, Area Under Curve (AUC) of 1.0, with 1% False Positive Rate (FPR). However, other feature selectors (Information Gain, CFsSubsetEval, ChiSquare, FreqSel, and Symmetric Uncertainty) used in the domain of malware analysis resulted in the accuracy of 95.5% with 8.5% FPR. Moreover, the empirical analysis of RSST derived system calls outperformed other attributes such as permissions, opcodes, API, methods, call graphs, Droidbox attributes, and network traces.

    Hossein Soleimani, Stefano Tomasin, Tohid Alizadeh, MOHAMMAD SHOJAFAR (2017) Cluster-head based feedback for simplified time reversal prefiltering in ultra-wideband systems, In: Physical communication 25, pp. 100-109, Elsevier B.V

    Time-reversal prefiltering (TRP) technique for impulse radio (IR) ultra wide-band (UWB) systems requires a large amount of feedback to transmit the channel impulse response from the receiver to the transmitter. In this paper, we propose a new feedback design based on vector quantization. We use a machine learning algorithm to cluster the estimated channels into several groups and to select the channel cluster heads (CCHs) for feedback. In particular, CCHs and their labels are recorded at both sides of the UWB transceivers and the label of the most similar CCH to the estimated channel is fed back to the transmitter. Finally, the TRP is applied using the feedback CCH. The proposed digital feedback provides three main advantages: (1) it significantly reduces the dedicated bandwidth required for feedback; (2) it considerably improves the speed of transceivers; and, (3) it is robust to noise in the feedback channel since few bytes are required to send the codes that can be heavily error protected. Numerical results on standard UWB channel models are discussed, showing the advantage of the proposed solution.

    ZHENG CHU, PEI XIAO, MOHAMMAD SHOJAFAR, DE MI, Wanming Hao, Jia Shi, Jie Zhong (2022) Intelligent Reflecting Surface Empowered Wireless Powered Caching Networks, In: IEEE internet of things journal, IEEE

    In this paper, we propose an intelligent reflecting surface (IRS) enabled wireless powered caching system. In the proposed IRS model, a power station (PS) provides wireless energy to multiple Internet of Things (IoT) devices, delivering their information to an access point (AP) by utilizing the harvested power. The AP, equipped with a local cache, stores the IoT data to avoid waking up the IoT devices frequently. Meanwhile, we deploy the IRS involving in the wireless energy and information transfer process for performance enhancements. In this practical system, the PS and the AP could belong to different service providers. Also, the AP requires to incentivize the PS to offer a provisional energy service. We model the interaction between the PS and the AP as a Stackelberg game that jointly optimizes the transmit power of the PS, the energy price, the phase shifts of the wireless energy transfer (WET) and wireless information transfer (WIT) phases, as well as wireless caching strategies of the AP. In this way, we first derive the optimal solutions of the phase shifts and the transmit power of the PS in closed-form. We propose an alternating optimization (AO) algorithm to optimize the wireless caching strategies and the energy price iteratively. Finally, we present various numerical evaluations to validate the beneficial role of the IRS and the wireless caching strategies and the performance of the proposed scheme compared with the existing benchmark schemes.

    Pei Wang, Chien-Ming Chen, Saru Kumari, MOHAMMAD SHOJAFAR, RAHIM TAFAZOLLI, Yi Liu (2020) HDMA: Hybrid D2D Message Authentication Scheme for 5G-Enabled VANETs, In: IEEE transactions on intelligent transportation systems, pp. 1-10, IEEE

    The fifth-generation (5G) mobile communication technology with higher capacity and data rate, ultra-low device to device (D2D) latency, and massive device connectivity will greatly promote the development of vehicular ad hoc networks (VANETs). Meanwhile, new challenges such as security, privacy and efficiency are raised. In this article, a hybrid D2D message authentication (HDMA) scheme is proposed for 5G-enabled VANETs, in which a novel group signature-based algorithm is used for mutual authentication between vehicle to vehicle (V2V) communication. In addition, a pre-computed lookup table is adopted to reduce the computation overhead of modular exponentiation operation. Security analysis shows that HDMA is robust to resist various security attacks, and performance analysis also points out that the authentication overhead of HDMA is more efficient than some traditional schemes with the help of the pre-computed lookup table in V2V and vehicle to infrastructure (V2I) communication.

    ZAHRA POORANIAN, MOHAMMAD SHOJAFAR, SK Garg, Rahim Taheri, RAHIM TAFAZOLLI (2020) LEVER: Secure Deduplicated Cloud Storage with Encrypted Two-Party Interactions in Cyber-Physical Systems, In: IEEE transactions on industrial informatics, pp. 1-1, IEEE

    Cloud envisioned Cyber-Physical Systems (CCPS) is a practical technology that relies on the interaction among cyber elements like mobile users to transfer data in cloud computing. In CCPS, cloud storage applies data deduplication techniques aiming to save data storage and bandwidth for real-time services. In this infrastructure, data deduplication eliminates duplicate data to increase the performance of the CCPS application. However, it incurs security threats and privacy risks. In this area, several types of research have been done. Nevertheless, they are suffering from a lack of security, high performance, and applicability. Motivated by this, we propose a message Lock Encryption with neVer-decrypt homomorphic EncRyption (LEVER) protocol between the uploading CCPS user and cloud storage to reconcile the encryption and data deduplication. Interestingly, LEVER is the first brute-force resilient encrypted deduplication with only cryptographic two-party interactions

    Meysam Ghahramani, Reza Javidan, MOHAMMAD SHOJAFAR (2020) A secure biometric-based authentication protocol for global mobility networks in smart cities, In: The Journal of supercomputing 76(11), pp. 8729-8755

    Smart city is an important concept in urban development. The use of information and communication technology to promote quality of life and the management of natural resources is one of the main goals in smart cities. On the other hand, at any time, thousands of mobile users send a variety of information on the network, and this is the main challenge in smart cities. To overcome this challenge and collect data from roaming users, the global mobility network (GLOMONET) is a good approach for information transfer. Consequently, designing a secure protocol for GLOMONET is essential. The main intention of this paper is to provide a secure protocol for GLOMONET in smart cities. To do this, we design a protocol that is based on Li et al.’s protocol, which is not safe against our proposed attacks. Our protocol inherits all the benefits of the previous one; it is entirely secure and does not impose any more communication overhead. We formally analyze the protocol using BAN logic and compare it to similar ones in terms of performance and security, which shows the efficiency of our protocol. Our proposed protocol enables mobile users and foreign agents to share a secret key in 6.1 ms with 428 bytes communication overhead, which improves the time complexity of the previous protocol to 53%.

    Saeed Javanmardi, MOHAMMAD SHOJAFAR, Valerio Persico, Antonio Pescapè (2020) FPFTS: A joint fuzzy particle swarm optimization mobility-aware approach to fog task scheduling algorithm for Internet of Things devices, In: Software, practice & experience

    Z-H Zhou, MOHAMMAD SHOJAFAR, Jemal Abawajy, HJ Yin, H.Y. Lu (2022) ECMS: An Edge Intelligent Energy Efficient Model in Mobile Edge Computing, In: IEEE Transactions on Green Communications and Networking 6(1), pp. 238-247, IEEE

    With the increasing popularity of mobile edge computing (MEC) for processing intensive and delay sensitive IoT applications, the problem of high energy consumption of MEC has become a significant concern. Energy consumption prediction and monitoring of edge servers are crucial for reducing MEC's carbon footprint in accordance with green computing and sustainable development. However, predicting energy consumption of edge servers is a nontrivial problem due to the fluctuation and variation of different loads. To address this problem, we propose ECMS, a new edge intelligent energy modeling approach that jointly adopts Elman Neural Network (ENN) and feature selection to optimize the consumption of energy on edge servers. ECMS considers 29 parameters relevant to edge server energy consumption and uses the ENN to develop an energy consumption model. Unlike other energy consumption models, ECMS can successfully deal with load fluctuation and various sorts of tasks, such as CPU-intensive, online transaction-intensive, and I/O-intensive. We have validated ECMS through extensive experiments and compared its performance in terms of accuracy and training time to several baseline approaches. The experimental results show the superiority of ECMS to the baseline models. We believe that the proposed model can be used by the MEC resource providers to forecast and optimize energy use.

    Enzo Baccarelli, Paola G Vinueza Naranjo, MOHAMMAD SHOJAFAR, Michele Scarpiniti (2017) Q*: Energy and delay-efficient dynamic queue management in TCP/IP virtualized data centers, In: Computer communications 102, pp. 89-106, Elsevier B.V

    The emerging utilization of Software-as-a-Service (SaaS) Fog computing centers as an Internet virtual computing commodity is raising concerns over the energy consumptions of networked data centers for the support of delay-sensitive applications. In addition to the energy consumed by the servers, the energy wasted by the network devices that support TCP/IP reliable inter-Virtual Machines (VMs) connections is becoming a significant challenge. In this paper, we propose and develop a framework for the joint characterization and optimization of TCP/IP SaaS Fog data centers that utilize a bank of queues for increasing the fraction of the admitted workload. Our goal is two-fold: (i) we maximize the average workload admitted by the data center; and, (ii) we minimize the resulting networking-plus-computing average energy consumption. For this purpose, we exploit the Lyapunov stochastic optimization approach, in order to design and analyze an optimal (yet practical) online joint resource management framework, which dynamically performs: (i) admission control; (ii) dispatching of the admitted workload; (iii) flow control of the inter-VM TCP/IP connections; (iv) queue control; (v) up/down scaling of the processing frequencies of the instantiated VMs; and, (vi) adaptive joint consolidation of both physical servers and TCP/IP connections. The salient features of the resulting scheduler (e.g., the Q* scheduler) are that: (i) it admits distributed and scalable implementation; (ii) it provides deterministic bounds on the instantaneous queue backlogs; (iii) it avoids queue overflow phenomena; and, (iv) it effectively tracks the (possibly unpredictable) time-fluctuations of the input workload, in order to perform joint resource consolidation without requiring any a priori information and/or forecast of the input workload.
    Actual energy and delay performances of the proposed scheduler are numerically evaluated and compared against the corresponding ones of some competing and state-of-the-art schedulers, under: (i) Fast - Giga - 10Giga Ethernet switching technologies; (ii) various settings of the reconfiguration-consolidation costs; and, (iii) synthetic, as well as real-world workloads. The experimental results support the conclusion that the proposed scheduler can achieve over 30% energy savings.

    A Aswathy, T. R Amal, P. G Swathy, MOHAMMAD SHOJAFAR, P Vinod (2020) SysDroid: a dynamic ML-based android malware analyzer using system call traces, In: Cluster computing 23(4), pp. 2789-2808

    Paola G. Vinueza Naranjo, ZAHRA POORANIAN, MOHAMMAD SHOJAFAR, M Conti, Rajkumar Buyya (2019) FOCAN: A Fog-supported smart city network architecture for management of applications in the Internet of Everything environments, In: Journal of parallel and distributed computing 132, pp. 274-283, Elsevier Inc

    Smart city vision brings emerging heterogeneous communication technologies such as Fog Computing (FC) together to substantially reduce the latency and energy consumption of Internet of Everything (IoE) devices running various applications. The key feature that distinguishes the FC paradigm for smart cities is that it spreads communication and computing resources over the wired/wireless access network (e.g., proximate access points and base stations) to provide resource augmentation (e.g., cyberforaging) for resource- and energy-limited wired/wireless (possibly mobile) things. Motivated by these considerations, this paper presents a Fog-supported smart city network architecture called Fog Computing Architecture Network (FOCAN), a multi-tier structure in which the applications are running on things that jointly compute, route, and communicate with one another through the smart city environment. FOCAN decreases latency and improves energy provisioning and the efficiency of services among things with different capabilities. In particular, three types of communications are defined between FOCAN devices (interprimary, primary, and secondary communication) to manage applications in a way that meets the quality of service standards for the Internet of Everything. One of the main advantages of the proposed architecture is that the devices can provide the services with low energy usage and in an efficient manner. Simulation results for a selected case study demonstrate the tremendous impact of the FOCAN energy-efficient solution on the communication performance of various types of things in smart cities.

    • Present a generalized multi-tiered smart city architecture utilizes FC for devices.
    • Develop an FC-supported resource allocation model to cover FNs/device components.
    • Provide various types of communications between the components.
    • Evaluate the performance of the solution for an FC platform on real datasets.

    S Singh, Pradip Kumar Sharma, Byungun Yoon, MOHAMMAD SHOJAFAR, Gi Hwan Cho, In-Ho Ra (2020) Convergence of blockchain and artificial intelligence in IoT network for the sustainable smart city, In: Sustainable cities and society 63, Elsevier Ltd

    • A study on convergence of Blockchain-AI for sustainable smart city.
    • Presents the security issues and challenges based on various dimensions.
    • Discusses the blockchain security enhancement solutions, and summarizing key points.
    • Summarize the open issues and research direction: new security suggestions, future guidelines.

    In the digital era, the smart city can become an intelligent society by utilizing advances in emerging technologies. Specifically, the rapid adoption of blockchain technology has led a paradigm shift to a new digital smart city ecosystem. A broad spectrum of blockchain applications promise solutions for problems in areas ranging from risk management and financial services to cryptocurrency, and from the Internet of Things (IoT) to public and social services. Furthermore, the convergence of Artificial Intelligence (AI) and blockchain technology is revolutionizing the smart city network architecture to build sustainable ecosystems. However, these advancements in technologies bring both opportunities and challenges when it comes to achieving the goals of creating sustainable smart cities. This paper provides a comprehensive literature review of the security issues and problems that impact the deployment of blockchain systems in smart cities. This work presents a detailed discussion of several key factors for the convergence of Blockchain and AI technologies that will help form a sustainable smart society. We discuss blockchain security enhancement solutions, summarizing the key points that can be used for developing various blockchain-AI based intelligent transportation systems. Also, we discuss the issues that remain open and our future research direction; this includes new security suggestions and future guidelines for a sustainable smart city ecosystem.

    D Wei, Ning Xi, Xindi Ma, MOHAMMAD SHOJAFAR, Saru Kumari, Jianfeng Ma (2022) Personalized Privacy-aware Task Offloading for Edge-Cloud-Assisted Industrial Internet of Things in Automated Manufacturing, In: IEEE transactions on industrial informatics, IEEE

    Industrial Internet of Things (IIoT) devices have been widely used for monitoring and controlling the process of the automated manufacturing. Due to limited computing capacity of the IIoT sensors in the production line, the scheduling task in production line needs to be offloaded to the edge computing servers (ECS). To obtain desired quality of service (QoS) during offloading scheduling tasks, the precise interaction information between production line and ECSs have to be uploaded to the cloud platform, which poses privacy issues. Existing works mostly assume all interaction information, i.e., the offloading decision for the subtask in a scheduling task, have same privacy level, which cannot meet the various privacy requirements of the offloading decision for the subtask. Hence, we propose a local differential privacy-based deep reinforcement learning (LDP-DRL) approach in edge-cloud-assisted IIoT to provide personalized privacy guarantee. The LDP mechanism can generate different level of noise to satisfy various privacy requirements of the offloading decision for the subtask. The prioritized experience replay (PER) is integrated in DRL to reduce the impact of noise on the QoS performance of task offloading. The formal analysis of the LDP-DRL is provided in terms of privacy level and convergence. Finally, the extensive experiments are conducted to evaluate the effectiveness, capacity of privacy protection, the impact of discount factor on the convergence, and cost efficiency of the LDP-DRL approach.

    MOHAMMAD SHOJAFAR, Yassine Maleh, Darwish Ashraf, Haqiq Abdelkrim (2019) Cybersecurity and privacy in cyber physical systems, CRC Press

    This title encourages both researchers and practitioners to share and exchange their experiences and recent studies between academia and industry to highlight and discuss the recent development and emerging trends in cybercrime and computer digital forensics in the Cloud of Things; to propose new models, practical solutions, and technological advances related to cybercrime and computer digital forensics in the Cloud of Things; and to discuss new cybercrime and computer digital forensics models, prototypes, and protocols for the Cloud of Things environment.

    Hiwa Omer Hassan, Sadoon Azizi, MOHAMMAD SHOJAFAR (2020) Priority, network and energy-aware placement of IoT-based application services in fog-cloud environments, In: IET communications 14(13), pp. 2117-2129, The Institution of Engineering and Technology

    Fog computing is a decentralised model which can help cloud computing for providing high quality-of-service (QoS) for the Internet of Things (IoT) application services. Service placement problem (SPP) is the mapping of services among fog and cloud resources. It plays a vital role in response time and energy consumption in fog–cloud environments. However, providing an efficient solution to this problem is a challenging task due to difficulties such as different requirements of services, limited computing resources, different delay, and power consumption profile of devices in fog domain. Motivated by this, in this study, we propose an efficient policy, called MinRE, for SPP in fog–cloud systems. To provide both QoS for IoT services and energy efficiency for fog service providers, we classify services into two categories: critical services and normal ones. For critical services, we propose MinRes, which aims to minimise response time, and for normal ones, we propose MinEng, whose goal is reducing the energy consumption of fog environment. Our extensive simulation experiments show that our policy improves the energy consumption up to 18%, the percentage of deadline satisfied services up to 14% and the average response time up to 10% in comparison with the second-best results.

    Z-H Zhou, Jemal Abawajy, Mohammad Shojafar, Morshed Chowdhury (2022) DEHM: An Improved Differential Evolution Algorithm using Hierarchical Multi-strategy in a Cybertwin 6G Network, In: IEEE Transactions on Industrial Informatics, Institute of Electrical and Electronics Engineers (IEEE)

    Differential evolution (DE) algorithm can be used in edge/cloud cyberspace to find an optimal solution due to its effectiveness and robustness. With the rapid increase of the mobile traffic data and resources in a cybertwin-driven 6G network, the DE algorithm faces some problems such as premature convergence and search stagnation. To deal with the problems mentioned above, an improved DE algorithm based on hierarchical multi-strategy in a cybertwin-driven 6G network (denoted by DEHM) is proposed. Based on the fitness value of the population, DEHM classifies the population into three sub-populations. Regarding each sub-population, DEHM adopts different mutation strategies to achieve a tradeoff between convergence speed and population diversity. In addition, a new selection strategy is presented to ensure that the potential individual with good genes is not lost. Experimental results suggest that the DEHM algorithm surpasses other benchmark algorithms in the field of convergence speed and accuracy.

    Nilesh Chakraborty, Mithun Mukherjee, JUERONG LI, MOHAMMAD SHOJAFAR, Yi Pan (2021) Cryptanalysis of a Honeyword System in the IoT Platform, In: IEEE internet of things journal, pp. 1-1, IEEE

    Password is one of the most well-known authentication methods in accessing many Internet of Things (IoT) devices. The usage of passwords, however, inherits several drawbacks and emerging vulnerabilities in the IoT platform. However, many solutions have been proposed to tackle these limitations. Most of these defense strategies suffer from a lack of computational power and memory capacity and do not have immediate cover in the IoT platform. Motivated by this consideration, the goal of this paper is fivefold. First, we analyze the feasibility of implementing a honeyword-based defense strategy to prevent the latest developed server-side threat on the IoT domain's password. Second, we perform thorough cryptanalysis of a recently developed honeyword-based method to evaluate its advancement in preventing the threat and explore the best possible way to incorporate it in the IoT platform. Third, we verify that we can add a honeyword-based solution to the IoT infrastructure by ensuring specific guidelines. Fourth, we propose a generic attack model, namely matching attack utilizing the compromised password-file to perform the security check of any legacy-UI approach for meeting the all essential flatness security criterion. Last, we compare the matching attack's performance with the corresponding one of a benchmark technological methods over the legacy-UI model and confirm that our attack has 5%~22% more vulnerable than others.

    Amir Javadpour, Forough Ja'fari, Tarik Taleb, Mohammad Shojafar, Bin Yang (2022) SCEMA: An SDN-Oriented Cost-Effective Edge-Based MTD Approach, In: IEEE transactions on information forensics and security 18, pp. 667-682, IEEE

    Protecting large-scale networks, especially Software-Defined Networks (SDNs), against distributed attacks in a cost-effective manner plays a prominent role in cybersecurity. One of the pervasive approaches to plug security holes and prevent vulnerabilities from being exploited is Moving Target Defense (MTD), which can be efficiently implemented in SDN as it needs comprehensive and proactive network monitoring. The critical key in MTD is to shuffle the least number of hosts with an acceptable security impact and keep the shuffling frequency low. In this paper, we have proposed an SDN-oriented Cost-effective Edge-based MTD Approach (SCEMA) to mitigate Distributed Denial of Service (DDoS) attacks at a lower cost by shuffling an optimized set of hosts that have the highest number of connections to the critical servers. These connections are named edges from a graph-theoretical point of view. We have proposed a three-layer mathematical model for the network that can easily calculate the attack cost. We have also designed a system based on SCEMA and simulated it in Mininet. The results show that SCEMA has lower complexity than the previous related MTD field with acceptable performance.

    Z-H Zhou, MOHAMMAD SHOJAFAR, Jemal Abawajy, A Bashir (2021) IADE: An Improved Differential Evolution Algorithm to Preserve Sustainability in a 6G Network, In: IEEE Transactions on Green Communications and Networking, pp. 1-14, Institute of Electrical and Electronics Engineers (IEEE)

    Differential evolution (DE) algorithm is utilized to find an optimized solution in multidimensional real applications like 5G/6G networked devices and support unlimited connectivity for terrestrial networks due to high efficiency, robustness, and easy achievements. With the development of new emerging networks and the rise of big data, the DE algorithm encounters a series of challenges, such as the slow convergence rate in late iteration, strong parameter dependence, and easiness to fall into local optimum. These issues exponentially increase the energy and power consumption of communications and computing technologies in 5G/6G network like a networked data center. To address this and leverage a practical solution, this paper introduces IADE, an improved adaptive DE algorithm, to solve the problems mentioned earlier. IADE improves the scaling factor, crossover probability, variation, and selection strategy of the DE algorithm. In IADE, the parameters are adaptively adjusted with the population's iterative evolution to meet the parameter's different requirements values of network steering traffic in each period. Numerous experiments are carried out through the benchmark function to evaluate the performance of IADE, and the results obtained from the experiment illustrate that IADE surpasses the benchmark algorithms in terms of solution accuracy and convergence speed for large tasks around 10%, respectively.

    Farooq Hoseiny, Sadoon Azizi, MOHAMMAD SHOJAFAR, Fardin Ahmadiazar, RAHIM TAFAZOLLI PGA: A Priority-aware Genetic Algorithm for Task Scheduling in Heterogeneous Fog-Cloud Computing

    Fog-Cloud computing has become a promising platform for executing Internet of Things (IoT) tasks with different requirements. Although the fog environment provides low latency due to its proximity to IoT devices, it suffers from resource constraints. This is vice versa for the cloud environment. Therefore, efficiently utilizing the fog-cloud resources for executing tasks offloaded from IoT devices is a fundamental issue. To cope with this, in this paper, we propose a novel scheduling algorithm in fog-cloud computing named PGA to optimize the multi-objective function that is a weighted sum of overall computation time, energy consumption, and percentage of deadline satisfied tasks (PDST). We take the different requirements of the tasks and the heterogeneous nature of the fog and cloud nodes. We propose a hybrid approach based on prioritizing tasks and a genetic algorithm to find a preferable computing node for each task. The extensive simulations evaluate our proposed algorithm to demonstrate its superiority over the state-of-the-art strategies.

    PARYA HAJI MIRZAEE, MOHAMMAD SHOJAFAR, HAMIDREZA BAGHERI, T Chan, HAITHAM SATTAR CRUICKSHANK, RAHIM TAFAZOLLI (2021) A Two-layer Collaborative Vehicle-Edge Intrusion Detection System for Vehicular Communications

    With increased wireless connectivity and embedded sensors, vehicles are becoming more intelligent, offering Internet access, telematics, and advanced driver assistance systems. Along with all benefits, connectivity to the public network and automotive control systems introduces new threats and security risks to connected and autonomous driving systems. Therefore, it is highly critical to design robust security mechanisms to protect the system from potential attacks and security vulnerabilities. An intrusion detection system (IDS) is a promising solution to detect and identify attacks and malicious behaviour within the network. This paper proposes a two-layer IDS mechanism that exploits machine learning (ML) solutions for collaborative attack detection between an on-vehicle IDS module and a developed IDS platform at a mobile edge computing (MEC) server. The results illustrate that the proposed solution can significantly reduce communication latency and energy consumption up to 80% while maintaining a high level of detection accuracy.

    Mohammad Saedi, A Moore, P Perry, MOHAMMAD SHOJAFAR, Hanif Ullah, Jonathan Synnott, R Brown, Ian Herwono Generation of realistic signal strength measurements for a 5G Rogue Base Station attack scenario

    The detection and prevention of cyber-attacks is one of the main challenges in Vehicle-to-Everything (V2X) autonomous platooning scenarios. A key tool in this activity is the measurement report that is generated by User Equipment (UE), containing received signal strength and location information. Such data is effective in techniques to detect Rogue Base Stations (RBS) or Subscription Permanent Identifier SUPI/5G-GUTI catchers. An undetected RBS could result in unwanted consequences such as Denial of Service (DoS) attacks and subscriber privacy attacks on the network and UE. Motivated by this, this paper presents the novel simulation of a 5G cellular system to generate a realistic dataset of signal strength measurements that can later be used in the development of techniques to identify and prevent RBS interventions. The results show that the tool can create a large dataset of realistic measurement reports which can be used to develop and validate RBS detection techniques.

    Yassine Maleh, MOHAMMAD SHOJAFAR, Mamoun Alazab, Youssef Baddi (2021) Machine Intelligence and Big Data Analytics for Cybersecurity Applications, Springer International Publishing

    This book presents the latest advances in machine intelligence and big data analytics to improve early warning of cyber-attacks, for cybersecurity intrusion detection and monitoring, and malware analysis. Cyber-attacks have posed real and wide-ranging threats for the information society. Detecting cyber-attacks becomes a challenge, not only because of the sophistication of attacks but also because of the large scale and complex nature of today’s IT infrastructures. It discusses novel trends and achievements in machine intelligence and their role in the development of secure systems and identifies open and future research issues related to the application of machine intelligence in the cybersecurity field. Bridging an important gap between machine intelligence, big data, and cybersecurity communities, it aspires to provide a relevant reference for students, researchers, engineers, and professionals working in this area or those interested in grasping its diverse facets and exploring the latest advances on machine intelligence and big data analytics for cybersecurity applications.

    SANAZ SOLTANI, MOHAMMAD SHOJAFAR, Habib Mostafaei, ZAHRA POORANIAN, RAHIM TAFAZOLLI (2021) Link Latency Attack in Software-Defined Networks

    Software-Defined Networking (SDN) has found applications in different domains, including wired- and wireless networks. The SDN controller has a global view of the network topology, which is vulnerable to topology poisoning attacks, e.g., link fabrication and host-location hijacking. The adversaries can leverage these attacks to monitor the flows or drop them. However, current defence systems such as TopoGuard and TopoGuard+ can detect such attacks. In this paper, we introduce the Link Latency Attack (LLA) that can successfully bypass the systems' defence mechanisms above. In LLA, the adversary can add a fake link into the network and corrupt the controller's view from the network topology. This can be accomplished by compromising the end hosts without the need to attack the SDN-enabled switches. We develop a Machine Learning-based Link Guard (MLLG) system to provide the required defence for LLA. We test the performance of our system using an emulated network on Mininet, and the obtained results show an accuracy of 98.22% in detecting the attack. Interestingly, MLLG improves 16% the accuracy of TopoGuard+.